Home >  News >  May, 2017

Cyberattack Targets Patient Information at Pa. Endoscopy Center

The incident reinforces the importance of protecting sensitive electronic records from online criminals.

Published: May 3, 2017

PROGRAMMED PROTECTION Cyberattacks are increasing rapidly, in both volume and complexity.

How secure is the personal information of the patients you treat? A recent data breach at a Pennsylvania endoscopy center suggests all healthcare facilities must bolster their defenses against the anonymous criminals who lurk in cyberspace.

Staff at Harrisburg (Pa.) Endoscopy and Surgery Center noticed suspicious activity on the facility's operating system and determined on March 17 that an unauthorized hacker could have accessed patients' personal data, which included names, demographic information, Social Security numbers and health insurance information.

A statement posted on the facility's website says there's no evidence that electronic records were in fact compromised and that patients were notified of the potential breach in an "abundance of caution." In late April, the center began mailing letters to patients who might have been impacted and set up a dedicated call line to address their concerns.

Bill Rhodes, the center's COO, says an IT forensic company completed a full scan that showed zero evidence of any patient information being exported from the system. "As a precaution, we notified our patients of the suspicious activity and provided them the opportunity to have a credit check for one year, free of charge," he adds. "Our IT company has made changes to the current cybersecurity on our servers and this will be monitored at a more stringent pace than in the past, so as to stop any chance of a breach in the future."

It's been known for more than 2 years and from many sources that healthcare medical records are a top target for cybercrime, according to Ellen M. Derrico, MBA, an independent marketing executive of healthcare technology and security based in West Chester, Pa. She says, "Health care is the top target because patient records are complete, which provides criminals with credit card information, birth dates, Social Security numbers, insurance policy information and medical histories."

Ms. Derrico says health care is behind the curve on investing in technology, training and recovery plans that are needed to protect against cybercrime. "Healthcare providers are also often more interested in budgeting for new equipment or personnel, so cybersecurity is underfunded" she adds. "This all adds up to a cybercriminal's dream scenario."

Most cyber breaches are not identified for weeks, months or, in some cases, more than a year, according to Ms. Derrico. She suggests healthcare facilities implement a comprehensive cybersecurity program that includes: adding technology to protect operating systems, networks, personal devices and patient data; installing up-to-date anti-viral and anti-malware software; and ensuring staff members receive training about protecting electronic records.

Daniel Cook

Also in the News...

Joint Commission Has Zero Tolerance for Poor Hand Hygiene
Kentucky Plastic Surgeon Arrested for Allegedly Arriving at Hospital Intoxicated
Lawsuit: VA Hospital Left Scalpel Inside Army Vet's Abdomen
Single-OR Facilities Must Adhere to the Same Quality Standards as Licensed ASCs
Lawsuit: Scrub Nurse Photographed Coworker Nude in OR
Study Examines the Ergonomics of Surgery and its Adverse Effects on Physicians
Nurse Sues Prominent Ophthalmologist for Assault Over Violent Incident Caught on Security Camera

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

advertiser banner

Other Articles That May Interest You

Have You Checked Out EMRs Lately?

Today's systems are more useful — and more user-friendly — than ever.

10 Things I Wish Someone Had Told Me About EMRs

Potholes to avoid as you head down the paperless path.

2018's Biggest Health Hazard? IT Security