Data Hijacker Holds Patient Data Hostage
A critical access hospital in southern Illinois was targeted by holding PHI data hostage. The attacker was an unknown party with access to protected health information. This attacker also threatened to release more data unless a “substantial” ransom payment was made.
The 22-bed hospital in Flora, Ill., notified its clinic patients that back on Nov. 2 there was a PHI data hostage situation. The hospital received an anonymous email containing patient PHI data . The email sender threatened to make the confidential information public unless they received a “substantial payment” from the hospital, CCH officials explained in a Dec. 15 notification letter to affected patients.
Clay County Hospital officials immediately notified law enforcement, according to the notice. The compromised data included patients names, addresses, Social Security numbers and dates of birth. Following an investigation by external forensic experts, it was determined that hospital servers had not been hacked and “remain secure.”
In order to prevent future data hostage incidents, Clay County Hospital is implementing extra internal security measures,” officials wrote in the notice. “These include additional logging systems and auditing features to track and control data access.”
This is far from an isolated incident involving holding protected health information hostage in order to receive payments. Rather, as the healthcare industry makes the switch from paper records to digital, these episodes are part of a larger upward trend.
A similar data hostage event occurred back in August 2012 when another Illinois-based healthcare organization, The Surgeons of Lake County, reported that a hacker had broken into their servers, swiped electronic PHI, encrypted the data and then proceeded to post a ransom note demanding financial payment in exchange for the password to the data.
At Orange County Computer®, we offer several layers of medical office data security options. If you suspect that your medical office may be at risk, or if you would like to learn more about our Medical IT Services, contact the Cyber Security Experts at Orange County Computer® for a complete assessment. Call our Tech Center at (949) 699-6619 for an appointment or visit us online . We are happy to help.
Information originally obtained from Healthcare IT News’ Erin McCann. View the story here.