All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, the residents take care of their health, for the most part. When we need to, the doctor is always available for our visits, complaints, and general layman conjecture on the root causes of our ailments. At times, Dr. Gerry even listens to us ask if we need a drug that we had just seen on the television the night before.
The Elizabethtown Community Hospital (ECH), which is part of The University of Vermont Health Network had the opportunity to work through an incident response recently. ECH operates six community based primary healthcare centers, and an ER and outpatient center.
ECH had, what they termed, a “data security incident” aka compromise, recently. This was detected in October 2018. This has affected an estimated 32k patients. Although the system was compromised, ECH did not have any clear evidence any individual patient record was accessed. Although there is no clear evidence, to be conservative, ECH is still publicizing this so the potentially affected clients may be prepared.
This event was due to an ECH email account being compromised. The email account did contain client’s names, dates of birth, addresses, and limited medical information (i.e. billing, medical record numbers, dates of service, and a brief summary of rendered services). Unfortunately, a portion of the patients (approximately 1,200) did have their social security number included with the compromised data.
Once this was detected, nine days after the compromise, ECH changed the affected account(s) password(s), made the security features more robust, and contracted with a forensic cybersecurity firm to analyze the incident. This did not, fortunately, spread to the computer network or electronic medical records (EMR)
To assist with the issue, the affected patients are being offered free credit monitoring services. The length of time was not noted for this service to be provided. For the patient’s, this is of marginal value, as the attackers could use this data a day, week, or month after the credit monitoring service has lapsed.
This continues the lesson of staff training for phishing attacks. This attack protocol continues to be prominent and not slowing down any in its usage. All this attack needs, to be successful, is for a few of the targets to click on the link or attachment!
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Resources
Demol, P. (2018). ECH data breach exposes patient info. Retrieved from https://www.suncommunitynews.com/articles/the-sun/ech-data-brach-exposes-patient-info/
No comments:
Post a Comment