Malware on imaging server compromises data at New Mexico hospital

Register now

Last month, Roosevelt General Hospital in Portales, N.M., found malware on a digital imaging server containing radiological images and patient data.

The organization estimates that the data of about 500 patients may have been put at risk from the malware attack.

The information technology department secured and restored the server, and patient information was recovered, according to the organization. An evaluation of server vulnerabilities was performed, and the hospital believes all other risks to data have been mitigated.

Nine types of protected health information were potentially comprised, including Social Security numbers, patient names, addresses, dates of birth, driver’s license numbers and patient gender.

Although experts and the organization could not confirm that data had actually been compromised, and that the data would have been accessible to hackers, Roosevelt General now is alerting potentially affected patients and offering assistance in monitoring their information. The hospital has not publicly identified the protective services firm aiding patients or the duration of credit monitoring services and possibly identity protection.

“With security events such as this one, time was taken to thoroughly investigate what occurred and identify the individuals who have been affected,” the organization explained in a statement. “Since then, the server has been secured and patient information has been restored.”

The breach has been reported to the Department of Health and Human Services, and the number of affected individuals will be posted on the Office for Civil Rights’ data breach web site.

“Although we are continuing our investigation, there is no evidence at this time that any patient data has been wrongfully used,” says Kaye Green, CEO at Roosevelt General Hospital. “The malware identified on the radiology server was contained and terminated immediately upon detection. This breach did not affect our electronic health record system or billing system.”

For reprint and licensing requests for this article, click here.