Mercy Medical Center

Computer Virus Causes Data Breach

April 7th, 2016

Mercy Iowa City, an acute care hospital and regional referral center, recently suffered data breach  due to computer virus. Mercy Lowa City did not mention the number of affected individuals but the OCR data breach portal mentioned that 15,625 individuals were affected by the incident.

Mercy Iowa City came to know about computer virus on January 29. It had potentially infected some of its systems three days prior. The hospital now has secured the computer systems to prevent the spread of the virus.

“That’s a small percentage compared with the total number of patients the hospital serves”, said Margaret Reese, interim director of marketing and community relations and president of the Mercy Hospital Foundation. She said she did not know the total number of patients, adding that “it would be a huge number when you consider all of the many services.”

Internal investigation is carried out by forensics firm. Capturing personal data was the main motive of the computer virus. Thus it is believed that data breach has occurred.

Reese said Mercy has been working with federal law enforcement on its investigation. The hospital’s release said current safeguards have been enhanced to protect sensitive data. Reese said she could not comment on what the enhancements were.

According to the reports, unauthorized access to patients records by outside entity has resulted into the incident. which did not affect all Mercy Hospital and Mercy Clinic patients.

According to the statement, “Mercy deeply regrets any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information.”

Affected information included names, dates of birth, addresses, treatments, diagnoses, medication lists, names of health insurers, and health insurance policy numbers. Social Security numbers may also have been accessed for some patients.

“To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information,” stated the press release.

The hospital also created a call center dedicated to answering questions about the data security event. Mercy Iowa City mentioned that there is no evidence patient information misuse.


Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Centura Health hit by phishing attack

April 29th, 2014


Mercy Regional Medical Center of Durango, Colo.  suffered data breach because of phishing attack. In the recent times, phishing attacks have become more complex. It is observed that it is difficult even for shrewd of users to pick out. Mercy which is owned by Centura Health notified 1000 patients about the incident. Data affected by phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of a patient’s treating physician and medical-record numbers.

Statement of Centura read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords.  Phishing email was carefully drafted which gave the impression of authentic communication which trapped some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read which implies Centura taking steps to implement  and reinforce necessary protective measures to help prevent future occurrences.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta