Nebraska Medical Center and the University of Nebraska Medical Center are alerting patients of a malware attack last year on its IT systems that may have exposed their protected health information.
In a Feb. 5 privacy incident notice, the Omaha, Neb.-based healthcare organizations told patients they discovered unusual network activity Sept. 20 that affected some of its IT systems. In response, the two medical centers shut off select systems, isolated potentially affected devices and investigated.
The hospitals found that between Aug. 27 and Sept. 20, an unauthorized person gained access to systems on its network and deployed malware to get copies of patient and employee information. The attack did not result in unauthorized access to either hospitals' EHR.
The breach also affected patients seen at Faith Regional Health Services, Great Plains Health and Mary Lanning Healthcare, whose information was in the Nebraska Medicine and University of Nebraska Medical Center network. Information exposed in the breach included Social Security numbers, names, addresses, dates of birth, medical record numbers and lab results.
Both medical centers are providing patients whose Social Security numbers and/or driver's license numbers were affected with free credit monitoring and identity theft services. The hospitals are also implementing new network-monitoring tools to avoid more breaches.