Texas hospital's EHR system suffers ransomware attack


Mount Pleasant Texas-based Titus Regional Medical Center (TRMC) is the latest victim of a cyberattack of its electronic health record system, with ransomware making it inaccessible, according to an article in The Daily Tribune.

The ransomware virus has encrypted files on several of TRMC's data base services, blocking TRMC's ability to enter or retrieve patient data in EHR. TRMC has implemented a conditional Hospital Incident Command System, and brought in a forensic specialist to deal with the problem. However, there was no indication if or when the virus neutralized. It also was not revealed how much money was demanded in ransom in order to unlock the cyberthief's encryption.

The healthcare industry is particularly vulnerable to cyberattacks by hackers and others, many of whom desire the medical data for its value on the black market. The FBI warned about this vulnerability in 2014. In 2015, the industry saw a sharp increase in cyberattacks, including a security breach suffered by Anthem that affected nearly 80 million people.

Ransomware is a different type of cyberattack; the hackers don't necessarily want the data but take control of the EHR and hold the data ransom. At least one attorney expects that both ransomware and phishing attacks on the healthcare industry will increase; what's more, Forrester Research predicts that ransom attacks will begin to target medical devices in 2016.

Unfortunately, many healthcare organizations still do not adequately protect their EHRs from security risks. Many of the audits and investigations conducted to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) have found that some basic, required safeguards, such as a risk analysis of vulnerabilities of electronic patient data, have not been conducted. Even encryption, which is very helpful in protecting EHR data, isn't totally secure, permitting an "alarming" amount of sensitive patient information to be exposed, according to a study published last fall by Microsoft researchers.

To learn more:
- here's the article

Related Articles:
OCR reaches $750,000 settlement with Cancer Care Group following 2012 breach
Phishing, ransomware attacks on health industry to rise
FBI warns healthcare of vulnerability to cyberattacks
Report: Ransomware attacks on med devices a real possibility in 2016
Encrypted EHR data subject to 'alarming' leakage
Why the Anthem breach won't be the industry's wakeup call