Cleveland’s MetroHealth System suffered a data breach when its computers were infiltrated by malware. According to the reports, 981 patients were notified that their PHI may have been compromised. The affected information includes patient names, dates of services, dates of birth, height, weight, medications administered during procedures, medical record numbers, case numbers (limited to only to that procedure), and cardiac catheterization raw data such as tracings of EKG and oxygen saturation.
Three computers in the facility’s Cardiac Cath Lab had malware, according to The Plain Dealer. The facility came to know about the breach on March 17, and patients who had procedures in the lab between July 14, 2014 to March 21, 2015 will potentially be affected. Financial information were not affected by the breach.
“MetroHealth has no evidence that the malware is used to obtain medical information,” MetroHealth said. “We sincerely apologize and regret that this situation has occurred.”
According to the statement:
In investigating the breach, the health system found that a business associate disabled antivirus software on the computers to facilitate a software update. There is no evidence that any health information was accessed.
The health system recommends that affected patients monitor account statements and any Explanation of Benefits statements related to the procedures.
In response to the breach, MetroHealth said it has strengthened procedures to protect patient privacy, including increased monitoring for malware and added antivirus update reviews, and revised software update procedures for the Cath Lab computers.
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.