Data held hostage in bizarre Illinois breach

privacy and security - 213.47 Kb
An unauthorized user gained access to and encrypted the server of a small Midwestern surgical practice and essentially held the information hostage in exchange for the password needed to regain access to the server.

According to a release issued by Surgeons of Lake County in Libertyville, Ill., the practice learned of the incident on June 25 when it discovered that an unauthorized user had gained remote access to a server containing Surgeons' corporate email and EMRs. The unauthorized user posted a message on the server stating that the contents of the server had been encrypted and could only be accessed with a password that would only be supplied if Surgeons made the demanded payment. Upon receiving the demand, the server was turned off and has not been turned back on.

The practice contacted law enforcement and began an investigation of the incident.

The breach affected the records of more than 7,000 patients, according to the U.S. Department of Health and Human Services (HHS). Although it occurred in June, the breach wasn't widely reported until it was posted on HHS' list of data breaches affecting 500 or more individuals and on the Privacy Rights Clearinghouse site.

In the wake of the incident, Surgeons is undertaking additional measures to strengthen and enhance its protocols to ensure the security of patient records, according to its release. "Safeguarding every patient's personal information is a top priority at the Surgeons of Lake County," said Scott C. Otto, MD, president of the practice. "We are devoting significant people and technological resources to help protect patient confidentiality."

Surgeons believes that the intention of the unauthorized access was to extort payment from Surgeons, not to take patient information, and Surgeons is not aware of any reports that the information contained on the server has been misused as a result of this incident.

Regardless, the unauthorized user had the ability to access names, addresses, Social Security numbers, credit card numbers and certain medical information; and, as a result, Surgeons has mailed notification letters to individuals who may have been affected. Surgeons is offering them one year of free credit monitoring services, as well as call center support.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

If 25% tariffs go into effect, it could have a big impact on the cost of medical imaging and radiotherapy systems, with many manufacturing facilities in Mexico. 

U.S. cardiology groups have worked together to propose the creation of a new American Board of Cardiovascular Medicine for certifying cardiologists. Now, after many months of waiting, a final decision is expected by the end of February. 

GE HealthCare said the price of iodine contrast increased by more than 200% between 2017 to 2023. Will new Chinese tariffs drive costs even higher?