Something new, but hardly happy. A hacker took control of a server hosting corporate e-mail and electronic health records at the Surgeons of Lake County, a group practice in Libertyville, Ill., then demanded an undisclosed financial payment, according to a story at healthdatamanagement.com.
A message on the server said its contents had been encrypted and demanded money from the practice for a password to turn off the encryption. The practice simply turned off the server and it was not turned back on, while staff notified authorities.
Jordan Robertson noted that the hackers made no attempt to keep their presence a secret, but took “the extreme step of encrypting their illicit haul and posting a digital ransom note demanding payment for the password.”
Experts said this suggests a new “level of sophistication and targeting that suggests they knew what they were doing,” said Rick Kam, president of ID Experts, a Portland, Oregon-based company that makes data-breach prevention technology and specializes in healthcare.
Approximately 7,067 patients have been affected and notified, along with the HHS Office for Civil Rights, and the practice is offering the standard compensation when this happens. Affected patients will receive one year of credit monitoring services, since the on the server included Social Security numbers, names, addresses, credit card numbers and some medical information.
Breaches have become so (frighteningly) common that most of us yawn and go on about our business until the next one. I certainly do, but maybe that’s because my records haven’t been hacked (yet), though I do remember the panic I felt when my bank notified me several years ago that my accounts might have been tinkered with.
“Surgeons believes the intention of the unauthorized access was to extort payment from surgeons, not to take patient information, and Surgeons is not aware of any reports that the information contained on the server has been misused as a result of this incident,” the story referenced a statement from the practice.
Electronic health records were supposed to make our, and our physicians’ lives, easier by having our data on hand at all times, ready to be shared with specialists and others, allowing us ideally better, more comprehensive care.
But it seems they’re also doing something else: showing us just how vulnerable our personal information really is.
Edited by
Braden Becker
