Virus May Have Caused Unusual Breach
Beth Israel Deaconess Notifying 2,000
The hospital reports in a website statement that a computer service vendor, which it declined to identify, recently failed to restore proper security controls on a computer after performing maintenance on it. The device, which was located in a locked room, was later found to be infected with a virus.
John Halamka, the hospital's CIO, told PHIPrivacy.net that the virus encrypted the data that it transmitted. "The reason we are reporting it is that we are not sure that a breach occurred, but because a virus sent some data from the radiology device to some location, we wanted to be very conservative and report a possible breach."
The computer did not contain patients' Social Security numbers or financial information. It did, however, contain patient names, medical record numbers, birth dates and the names and dates of radiology procedures that patients had undergone.
The hospital is offering affected patients one year's worth of free identity protection service.
Beth Israel Deaconess "shut down the computer immediately upon learning that it was infected with a computer virus," Halamka said in the website statement. "The computer was cleaned and all software re-installed to ensure the virus was no longer present. Updated security controls were also installed and activated to prevent viruses from being installed."
Halamka also said Beth Israel Deaconess "worked closely with its vendor representative to ensure that an incident such as this does not re-occur."
Under the HITECH Act breach notification rule, breaches must be reported to the individuals affected as well as the Department of Health and Human Services' Office for Civil Rights.