Home >  News >  May, 2017

Cyberattack Targets Patient Information at Pa. Endoscopy Center

The incident reinforces the importance of protecting sensitive electronic records from online criminals.

Published: May 3, 2017

PROGRAMMED PROTECTION Cyberattacks are increasing rapidly, in both volume and complexity.

How secure is the personal information of the patients you treat? A recent data breach at a Pennsylvania endoscopy center suggests all healthcare facilities must bolster their defenses against the anonymous criminals who lurk in cyberspace.

Staff at Harrisburg (Pa.) Endoscopy and Surgery Center noticed suspicious activity on the facility's operating system and determined on March 17 that an unauthorized hacker could have accessed patients' personal data, which included names, demographic information, Social Security numbers and health insurance information.

A statement posted on the facility's website says there's no evidence that electronic records were in fact compromised and that patients were notified of the potential breach in an "abundance of caution." In late April, the center began mailing letters to patients who might have been impacted and set up a dedicated call line to address their concerns.

Bill Rhodes, the center's COO, says an IT forensic company completed a full scan that showed zero evidence of any patient information being exported from the system. "As a precaution, we notified our patients of the suspicious activity and provided them the opportunity to have a credit check for one year, free of charge," he adds. "Our IT company has made changes to the current cybersecurity on our servers and this will be monitored at a more stringent pace than in the past, so as to stop any chance of a breach in the future."

It's been known for more than 2 years and from many sources that healthcare medical records are a top target for cybercrime, according to Ellen M. Derrico, MBA, an independent marketing executive of healthcare technology and security based in West Chester, Pa. She says, "Health care is the top target because patient records are complete, which provides criminals with credit card information, birth dates, Social Security numbers, insurance policy information and medical histories."

Ms. Derrico says health care is behind the curve on investing in technology, training and recovery plans that are needed to protect against cybercrime. "Healthcare providers are also often more interested in budgeting for new equipment or personnel, so cybersecurity is underfunded" she adds. "This all adds up to a cybercriminal's dream scenario."

Most cyber breaches are not identified for weeks, months or, in some cases, more than a year, according to Ms. Derrico. She suggests healthcare facilities implement a comprehensive cybersecurity program that includes: adding technology to protect operating systems, networks, personal devices and patient data; installing up-to-date anti-viral and anti-malware software; and ensuring staff members receive training about protecting electronic records.

Daniel Cook

Also in the News...

Music Is as Good as Sedative in Calming Nerves Before Surgery
Jury: Orthopedic Surgeon's Routine of Performing 14 Concurrent Surgeries a Day Negligent
Federal Court Dismisses More Than 5,000 Lawsuits Against 3M's Patient Warming System
Study Finds Sedation Method Doesn't Affect Adenoma Detection Rate
Negligence Suit: Reckless Intraoperative Neuromonitoring During Spinal Surgery Led to Deadly Catastrophic Hypoxic Brain Injury
Class Action: 600 Ex-employees Sue Laser Spine Institute for 2 Months of Pay and Benefits
Senator Creates Firestorm With Nurses Playing Cards Comment

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

Did You See This?

advertiser banner

Other Articles That May Interest You

Business Advisor

Sending Pre-op Text Alerts and Reminders

Real-time OR Monitoring Leads to Better, Safer Surgery

QA with Teodor Grantcharov, MD, PhD, FACS, creator of surgery's 'black box' and believer that data doesn't lie.

11 Patient Communication Apps

From chatbot-powered pre-op text messaging to AI-driven recovery plans, technology is transforming the patient experience.