Home >  News >  May, 2017

Cyberattack Targets Patient Information at Pa. Endoscopy Center

The incident reinforces the importance of protecting sensitive electronic records from online criminals.

Published: May 3, 2017

PROGRAMMED PROTECTION Cyberattacks are increasing rapidly, in both volume and complexity.

How secure is the personal information of the patients you treat? A recent data breach at a Pennsylvania endoscopy center suggests all healthcare facilities must bolster their defenses against the anonymous criminals who lurk in cyberspace.

Staff at Harrisburg (Pa.) Endoscopy and Surgery Center noticed suspicious activity on the facility's operating system and determined on March 17 that an unauthorized hacker could have accessed patients' personal data, which included names, demographic information, Social Security numbers and health insurance information.

A statement posted on the facility's website says there's no evidence that electronic records were in fact compromised and that patients were notified of the potential breach in an "abundance of caution." In late April, the center began mailing letters to patients who might have been impacted and set up a dedicated call line to address their concerns.

Bill Rhodes, the center's COO, says an IT forensic company completed a full scan that showed zero evidence of any patient information being exported from the system. "As a precaution, we notified our patients of the suspicious activity and provided them the opportunity to have a credit check for one year, free of charge," he adds. "Our IT company has made changes to the current cybersecurity on our servers and this will be monitored at a more stringent pace than in the past, so as to stop any chance of a breach in the future."

It's been known for more than 2 years and from many sources that healthcare medical records are a top target for cybercrime, according to Ellen M. Derrico, MBA, an independent marketing executive of healthcare technology and security based in West Chester, Pa. She says, "Health care is the top target because patient records are complete, which provides criminals with credit card information, birth dates, Social Security numbers, insurance policy information and medical histories."

Ms. Derrico says health care is behind the curve on investing in technology, training and recovery plans that are needed to protect against cybercrime. "Healthcare providers are also often more interested in budgeting for new equipment or personnel, so cybersecurity is underfunded" she adds. "This all adds up to a cybercriminal's dream scenario."

Most cyber breaches are not identified for weeks, months or, in some cases, more than a year, according to Ms. Derrico. She suggests healthcare facilities implement a comprehensive cybersecurity program that includes: adding technology to protect operating systems, networks, personal devices and patient data; installing up-to-date anti-viral and anti-malware software; and ensuring staff members receive training about protecting electronic records.

Daniel Cook

Also in the News...

R.I. Smoke Evacuation Legislation Becomes Law
Former Chief Nursing Officer Alleges Firing Retaliation for Reporting Safety Concerns
IV Drip Containing Formaldehyde Instead of Saline Kills Russian Woman, 28
Central Sterile Tech Shoots and Kills Nursing Supervisor at Alabama Hospital
Study Finds Psychosis Drug Amisulpride Reduces Nausea and Vomiting
Design Flaw Could Keep Bair Hugger Warming Blankets From Fully Inflating
Pentax Voluntarily Recalls ED-3490TK Video Duodenoscopes for Design and Labeling Changes

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

advertiser banner

Other Articles That May Interest You

2018's Biggest Health Hazard? IT Security

Is Your Data Secure?

Take these steps today to protect your facility from a cyberattack.

Have You Checked Out EMRs Lately?

Today's systems are more useful — and more user-friendly — than ever.