Archive November 2017 XVIII, No. 11

Is Your Data Secure?

Take these steps today to protect your facility from a cyberattack.

Anna Merriman

BIO

cyber criminals HACK ATTACK Cyber criminals can hold your data ransom, disable your computer network or access your patients' private information and sell it online.

One day in mid-March, the staff of the Harrisburg (Pa.) Endoscopy and Surgery Center looked at their computers to find nothing but gibberish. Where there were once patient files — dates of birth, health histories and Social Security numbers — there were only scribbles and symbols.

"It was like hieroglyphics," says Bill Rhodes, CST, CGA, the center's administrator.

They'd been hacked. Cyberattacked. In this case, a "ransomware attack," which is as sinister as it sounds. Hackers hold your facility's data ransom, demanding money before releasing the information. The hack was soon followed by an email from the hackers, demanding a little less than $30,000 to return the patients' files, says Mr. Rhodes.

The center waited a few days, trying to find other ways to access their computers. In the meantime they used backup files stored away in their basement and had to rebuild many patients' medical and family histories.

"We were able to function for those days," says Mr. Rhodes, "but it was a very slow 3 days."

The center eventually paid the ransom in full with help from cyber insurance they luckily had in place, but even the payment process proved to be long and tedious. Mr. Rhodes says the ASC had to pay for bitcoins — an online currency that's difficult to track and frequently used by ransomware hackers — which they then deposited into an online "purse." The purse served as a sort of online middleman, letting the hackers retrieve the cryptocurrency without being tracked.

Though the center was relieved to discover the hackers had likely not stolen their patients' information, the whole ordeal left them shaken.

"We feel better now, but it's like anything," says Mr. Rhodes. "How safe does anybody feel?"

Their story is one that's echoed thousands of times across the medical community. Every surgical facility, from major hospitals to small surgery centers, is a desirable target for hackers — and a vulnerable one at that. They can hold your data ransom, disable your computer network or, in one of the worst-case scenarios, access your patients' private information and sell it online.

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

advertiser banner

Other Articles That May Interest You

Have You Checked Out EMRs Lately?

Today's systems are more useful — and more user-friendly — than ever.

Cyberattack Targets Patient Information at Pa. Endoscopy Center

The incident reinforces the importance of protecting sensitive electronic records from online criminals.

EHRs vs. Paper: Pick Your Poison