Hackers strike healthcare industry again

Indiana hospital notifies 4,400
By Erin McCann
11:07 AM
Share
St. Mary's Medical Center
Think healthcare is not a target for cyberattacks? Think again. Following a pattern of increasing attack frequency, one Indiana-based hospital is the newest target, after hackers swiped the personal data of thousands. 
 
The 508-bed St. Mary's Medical Center, part of Ascension Health, is notifying some 4,400 of its patients of a data breach following a cyberattack that occurred back in December. 
 
Hospital officials say on Dec. 3 they discovered hackers swiped employee email usernames and passwords. After shutting down the affected accounts, they determined those employee email accounts contained personal patient data of 4,400 individuals, including Social Security numbers, names, dates of birth, insurance information and health data. 
 
 
"St. Mary's sincerely apologizes for any inconvenience this unfortunate incident may cause," read a March 5 hospital notice. 
 
When asked whether this cyberattack was an isolated event to St. Mary's Medical Center, Ascension Health officials did not respond for comment by publication time. 
 
Just this February, health insurance giant Anthem notified more than 80,000 members and non-members following a cyberattack in which hackers swiped Social Security numbers, dates of birth, demographic data and income data. 
 
 
"This should serve as yet another wake-up call for those who haven't gotten it yet," said Mac McMillan, CEO of healthcare security and compliance consulting firm CynergisTek, speaking to Healthcare IT News about the Anthem data breach. "Healthcare is a target."
 
Even federal officials have recently issued a caveat to the healthcare industry that they are indeed targets of cyberattacks. " The FBI has observed malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining protected healthcare information (PHI) and/or personally identifiable information," they stated in a 2014 FBI Flash Alert.  
 
This uptick in attacks has prompted many healthcare security professionals to prioritize security in a different way, one that adapts to the evolving threat landscape. 
 
 
"As an industry we can't ignore this stuff anymore," said Texas Health Resources CISO Ron Mehring at the Healthcare IT News Privacy & Security Forum last week in San Diego. "We've got to pay closer attention to these threats," and we "must prioritize our efforts against them far more" than we have done in the past."