Hackers Breach Emory Healthcare's Patient Records

Emory Healthcare's online appointment system has been hit with a cyberattack earlier this year, affecting the records of some 80,000 patients. After removing the appointments database, the hackers demanded a ransom to restore the site. Emory did not say whether it paid the ransom.

See Also: Ransomware Seen as Medical Device Cybersecurity Threat

The Atlanta-based health system said the breached database did not include financial information and social security numbers. However, the attack exposed names, birth dates, contact information, internal medical record numbers and appointment information.

Around the time of the cyberattack, Emory Healthcare discovered an unnamed security research centre also breached the database. The firm looks for security weaknesses, according to Emory.

Security research centre MacKeeper has said in a blog post that it uncovered a poorly configured patient record database that seemed to belong to Emory Brain Health Center.

Following the breach, Emory said it is "reviewing and refining" its security measures for internal and third-party computer systems. Also, mailed alerts have been sent to the affected patients, who were people who had appointments between 25 March 2015 and 3 January 2017 at the Orthopaedics and Spine Center, and between 6 December 2016 and 3 January 2017 at the Brain Health Center. Emory Healthcare recommends that patients keep an eye on their account statements and credit reports.

So far this year, 325,558 patients' data have been breached, and most of these data were from healthcare providers, according to the U.S. Department of Health and Human Service Office for Civil Rights' Breach Portal, which displays breaches of health data that affect 500 or more people. Emory's hack is the largest single incident reported in 2017.

Source: Modern Healthcare
Image Credit: Pixabay