Healthcare News & Insights

Hackers hold EHR data for ransom

While healthcare organizations are no stranger to IT security attacks, this recent breach of EHR data contained a unique twist. 

The Surgeons of Lake County, based in Libertyville, IL, recently reported that its computer network had been infiltrated by hackers, who gained access to a server that stored emails and electronic health records (EHRs).

But unlike a typical breach of protected health information, the criminals didn’t appear to want the records in order to use them to commit identity theft. Instead, the hackers encrypted the EHR files so the doctors wouldn’t be able to access them. Then, they demanded a ransom to be paid before they would turn over the password to unlock the records.

The hackers made the demands in a message loaded onto the server. The doctors refused to pay, and turned off the machine and contacted law enforcement authorities immediately after the message was seen.

It’s unknown what amount of money was demanded in the ransom, or whether the surgeons had kept back-up copies of the EHR data or if the records have otherwise been recovered, according to a post on Bloomberg’s Tech Blog.

The organization said it doesn’t appear that any of the information held on the server has been misused, though before the machine was shut down the hackers had access to protected health information and other sensitive data, including names, addresses, Social Security numbers, credit card numbers and some medical information. The Surgeons of Lake County has notified affected patients that their data may have been compromised.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

Speak Your Mind