Healthcare Breach Causes Permanent Damage
By Hodgson Consulting & Solutions | November 15, 2019
InterMed is a health provider based out of southern Maine. Recently, the provider has found itself in the damage control stage, following a recent data breach the company experienced. According to newscentermaine.com, InterMed was the victim of an email security breach, which exposed the health information of 30,000 patients. (2019) Company representatives reported that they learned of the initial breach on September 6, 2019; which constituted unauthorized access to one of its employee’s email accounts. As a result, the company took immediate action by launching an investigation. “The investigation found that three other employee email accounts were also hacked between Sept. 7 and Sept. 10, 2019. As a result, InterMed says it reviewed the messages and attachments in the email accounts and found they contained the information of roughly 30,000 of its patients. The information included patient names, dates of birth, health insurance information and clinical information. The company said only a limited number of patient Social Security numbers were exposed.” (newscentermaine.com, 2019) InterMed sent notification letters to the accumulated list of potentially exposed patients on November 5, 2019. Patient personal and medical data is a constantly at risk of falling in the hands of hackers. Cybercriminals target the medical industry quite often. And their efforts to extort and expose healthcare businesses is almost always done at the expense of the patients the providers serve.
Fierce Healthcare (fiercehealthcare.com, 2019) reported that a ransomware attack hit several computer systems at Brooklyn Hospital Center in New York City and exposed patient data; losing some patient information permanently. “In a notice posted on its website Monday, the hospital said in July it became aware of unusual activity on some hospital servers. After investigating the incident along with a third-party forensic investigation firm, the hospital discovered that malware had encrypted some of the hospital's patient files and disrupted the operation of certain hospital systems. Despite remediation efforts to recover all the data infected with malware, the hospital determined in September that certain patient data were unrecoverable.” (fiercehealthcare.com, 2019) The recovery efforts following this attack are still ongoing at this time.
How it Could Affect You:
Cybercriminals frequently attack the healthcare industry. This puts all patients and their records at risk. To avoid finding yourself in the predicament of sending or receiving a letter like the one InterMed issued, make sure your healthcare institution has updated cybersecurity protections in place. Healthcare providers must take cybersecurity seriously for compliance and patient safety reasons. Patients must be aware and care enough to make sure you are providing only necessary information and that never be afraid to ask how your provider is securing your data.
Hodgson Can Help:
Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE 17-Point Confidential Technology Security Consultation and learn more about our Managed Security Service Plans.