Excellent reporting from Modern Healthcare and Health Data Management help us to understand what happened at Emory Healthcare. Here is what you need to know about Emory Healthcare’s breach.
“Emory Healthcare in Atlanta is notifying 79,930 patients who had appointments at the Orthopaedics and Spine Center or the Brain Health Center from March 25, 2015, and Dec. 6, 2016, respectively, through Jan. 3, 2017, about a cyberattack that compromised their names, medical record numbers, physician names, dates of service and other personal information. The hacker gained access to and deleted the centers’ appointment information system, according to a statement from Emory.”
The Atlanta-based health system’s “waits and delays” appointments system was hacked sometime around the turn of the new year, Emory announced earlier this week. After removing the appointments database, the hackers demanded a ransom to restore the site. Emory Healthcare did not say whether it paid the ransom.
The breach affected 79,930 patients of Emory Clinic’s Orthopaedics and Spine Center and Brain Health Center. The six-hospital system said the breached database did not include financial information and social security numbers. However, it did expose names, birth dates, contact information, internal medical record numbers and appointment information.
Emory learned about the breach on Jan. 3, and said it is “reviewing and refining” its security measures for internal and third-party computer systems.
Around the same time, Emory Healthcare discovered an unnamed security research center also breached the database. The firm looks for security weaknesses, according to Emory.
Security research center MacKeeper has said in a blog post that it uncovered a poorly configured patient record database that seemed to belong to Emory Brain Health Center.
So far this year, 325,558 patients’ data have been breached, according to the U.S. Department of Health and Human Service Office for Civil Rights’ Breach Portal, which displays breaches of health data that affect 500 or more people.
Most of the exposed data were from healthcare providers, and Emory’s hack is the largest single incident reported in 2017.
The healthcare system sent mailed alerts to the affected patients, who were people who had appointments between March 25, 2015, and January 3, 2017, at the Orthopaedics and Spine Center and between December, 6, 2016, and January 3, 2017, at the Brain Health Center. Emory Healthcare recommends that patients keep an eye on their account statements and credit reports.
Securolytics Health Cloud is the First Holistic Security Platform Designed For Healthcare To Prevent Security Breaches And Manage Compliance Across Mobile, Cloud And The Internet of Things (IoT) At Securolytics, we provide innovative and proactive next-generation SIEM solutions for over 100 clients (from every sector). Contact us today.