MetroHealth cardiac cath lab attacked by malware, 981 patient records compromised

Cleveland-based MetroHealth System discovered malware in three computers in its cardiac catheterization lab, prompting the system to notify nearly 1,000 patients that their protected health information may have been accessed.

Malware was detected on the three computers March 17, and potentially compromised patients who received treatment in the cath lab between July 14, 2014 and March 21, 2015, according to the health system. The malware infiltrated the system between July 14, 2014 through July 19, 2014.

In addition to discovering the initial malware, the health system also discovered a "back door" access point to the computers that would allow the virus to still access the computers if the original malware software were to be removed. This "back door" access was removed from the computers March 21.

MetroHealth determined a business associate had disabled the antivirus software on the computers to complete a software update on the computers, and the malware was able to access the system while the antivirus software was disabled.

Potentially compromised information includes patient names, birth dates, date of service, height, weight, medications administered in the cath lab, medical record number, case number and raw data related to cardiac catheterization, such as EKG tracings and oxygen saturation. The computers did not store any financial information.

MetroHealth has no evidence any health information was accessed.

"The circumstances surrounding the event and typical uses made of this malware indicate that the computers were hacked in an effort to obtain banking information and credentials used to log into financial accounts. No such information is stored on these computers," according to the health system.

MetroHealth indicates it has heightened privacy and security levels through increased monitoring for malware, additional antivirus update reviews and revised procedures for software updates, according to the report.

Editor's note: This article was updated at approximately 10:50 am CST to include comments from MetroHealth System.

More articles on data breaches:

Data breaches could cost $2.1T globally by 2019
Media coverage of data breaches drives 69% of companies to take another look at security: 5 things to know
9 latest data breaches

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Content

Featured Webinars

Featured Whitepapers