Mount Pleasant Texas-based Titus Regional Medical Center (TRMC) is the latest victim of a cyberattack of its electronic health record system, with ransomware making it inaccessible, according to an article in The Daily Tribune.
The ransomware virus has encrypted files on several of TRMC's data base services, blocking TRMC's ability to enter or retrieve patient data in EHR. TRMC has implemented a conditional Hospital Incident Command System, and brought in a forensic specialist to deal with the problem. However, there was no indication if or when the virus neutralized. It also was not revealed how much money was demanded in ransom in order to unlock the cyberthief's encryption.
The healthcare industry is particularly vulnerable to cyberattacks by hackers and others, many of whom desire the medical data for its value on the black market. The FBI warned about this vulnerability in 2014. In 2015, the industry saw a sharp increase in cyberattacks, including a security breach suffered by Anthem that affected nearly 80 million people.
Ransomware is a different type of cyberattack; the hackers don't necessarily want the data but take control of the EHR and hold the data ransom. At least one attorney expects that both ransomware and phishing attacks on the healthcare industry will increase; what's more, Forrester Research predicts that ransom attacks will begin to target medical devices in 2016.
Unfortunately, many healthcare organizations still do not adequately protect their EHRs from security risks. Many of the audits and investigations conducted to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) have found that some basic, required safeguards, such as a risk analysis of vulnerabilities of electronic patient data, have not been conducted. Even encryption, which is very helpful in protecting EHR data, isn't totally secure, permitting an "alarming" amount of sensitive patient information to be exposed, according to a study published last fall by Microsoft researchers.
To learn more:
- here's the article