MetroHealth Victim of Malware Attack
MetroHealth System based in Cleveland (Ohio, US) of late found that three of its PCs within the cardiac catheterization laboratory were infected with malicious software, which led the health center towards informing almost 1,000 patients that someone may've accessed their otherwise protected health-related data, thus published beckershospitalreview.com dated May 18, 2015.
The health center said that detection of the malicious software occurred on March 17, 2015 that potentially affected people taking treatment during July 14, 2014-March 21, 2015 inside the catheterization laboratory. The malware infection happened during July 14-19, 2014.
Alongside finding the malware, MetroHealth further found one 'backdoor' access node connecting with the PCs so the malicious program could even then access the PCs in case the initial malicious program happened to be eliminated. However, on 21st March, 2015, the computers were cleared off the 'backdoor' component.
According to MetroHealth, one of its entrepreneurial partners had deactivated the PCs' AV programs for performing an update of software on those machines; consequently, the malware became capable of infiltrating the PCs same time when the AV stood non-functional.
Patient data that was potentially affected contained patient name, birth-date, weight, height, service date, case number, number for medical record, medications done at the time of procedure, along with raw data of cardiac catheterization like tracking codes of oxygen saturation and EKG.
The health center, while expressing regret of the situation, said that it had no evidence whether medical information was obtained during the malware attack.
It recommended patients potentially impacted to review account statements as well as other statements on "Explanation-of-Benefits" in connection with the medication procedures.
Moreover according to the health center, though not likely, it's probable that the illegitimate admission into the computers may result in certain patient information compromise. There aren't any indications that any unauthorized entity accessed else utilized the data during the attack. However, from the incident's conditions and characteristic utilizations done of such malware, it was evident that the hack was a bid for acquiring banking information as also the login credentials for financial accounts. Luckily, such information hadn't been saved on the PCs, MetroHealth said. Newsnet5.com reported this, May 18, 2015.
» SPAMfighter News - 5/26/2015