Danger in the Cloud: More than 100 Nursing Homes Cut Off from EHR by Cyber Attack
Unsecure digital networks are putting patient health at risk as healthcare facilities continue to attract ransomware and other cyber attacks.
Electronic health records (EHRs) are here to stay. Among the advantages of EHRs are the ability to store, share, and track medical data of patients that can help physicians provide better, more consistent care. A big disadvantage of EHRs is their vulnerability to breach, accidental exposure, or online theft.
A quick glance at the Breach Portal maintained by Health and Human Services (HHS) offers a breathtaking glance at the common nature of medical data theft. In November, IT vendor Virtual Care Provider Inc. (VCPI) suffered a ransomware attack with potentially devastating impacts on the more than 100 nursing homes across the country that rely on VCPI.
According to Krebs on Security, unknown hackers inserted ransomware into VCPIs networks. The ransomware encrypted the entirety of data hosted by the company. The company offers core tech services including electronic health record, billing, phone, and internet service to approximately 110 nursing homes.
Data Restoration Ransom Demand
In addition to total loss of access to data, the company received a ransom demand of $14 million in Bitcoin for data restoration. In the meantime, important drug orders for assisted living patients, and billing invoices to Medicaid were not transmitted. Physicians and healthcare providers lost access to medical records when the network locked up.
Ransom demands threaten the health and lives of patients whose caregivers rely on digital service to support their standard of care. Hacking and exfiltration of medical data remain a growth industry around the world. Media reports suggest the VCPI attack was the work of Russian hackers who infiltrated the system over the span of a year with infected email attachments.
Hackensack Meridian Ransomware Attack
In December, Hackensack Meridian, the largest hospital system in New Jersey was infected with ransomware that wreaked havoc on patient services. Healthcare providers worked without access to medical records and non-emergency surgeries were rescheduled. The hospital system includes 17 acute care facilities and a psychiatric facility, according to The Washington Post. Without disclosing the amount paid, Hackensack Meridian apparently paid a demanded ransom for restoration of their records.
Beyond extortion of money from healthcare providers with vulnerable data networks, theft of medical data is big business. Used to create new identities, gain access to controlled substances, and collect data on patients, hackers sell digital medical data on the dark market to domestic and international buyers.
HIPAA compliance does not mean much when medical records are stolen or held for ransom. If you, or a loved one are hurt through medical mistake, or injured due to a mistake with your electronic health record, talk to a reputable medical malpractice attorney about your case.
Experienced injury attorneys help you in Baltimore and Washington, D.C.
Schochor, Federico and Staton, P.A. is a leading medical malpractice law firm with a track record of success obtaining compensation for individuals and families hurt through medical negligence. Contact us today or call 410-234-1000 to schedule a free consultation to discuss your case.