Decatur County General Hospital, a 40-bed facility in Parsons, Tenn., is offering 24,000 patients one year of credit monitoring services after its electronic health record system was hacked.
The incident appears to be a ransomware attack, although the organization did not use that term in the notification letter it sent to patients.
“On November 27, 2017, we received a security incident report from our EHR system vendor indicating that unauthorized software had been installed on the server the vendor supports on our behalf,” the hospital explains. “The unauthorized software was installed to generate digital currency, more commonly known as ‘cryptocurrency,’ ” a digital currency such as bitcoin.
The hospital did not identify the vendor of its EHR system in the notification letter sent to patients. Its patient portal is generically branded, but indicates that the copyright for the technology belongs to CPSI.
Investigation of the attack continues but it is believed that an unauthorized individual remotely accessed the server where the EHR stores patient information to install the malware. The software was installed as early as Sept. 22.
While noting there is no evidence that patient information was actually acquired or viewed, the hospital was unable to verify that there was no unauthorized access.
Compromised data included names, addresses, dates of birth, Social Security numbers, diagnoses and treatment information, and insurance billing information. The hospital urged patients to place a fraud alert on their credit files and explained the process in the notification letter.
Hospital personnel did not immediately respond to a request for additional information.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access