The vast majority of hospitals in the United States are not adequately prepared to deal with cyber threats. A recent malware attack on a small hospital in Colorado illustrates just how serious the consequences are for facilities who lack appropriate measures to defend themselves against these attacks.
Glenwood Springs-based Valley View Hospital recently announced it was the victim of a cyber attack where screenshots of hospital patient data were grabbed. The screenshots were hidden in an encrypted folder for potential transmission to criminals. According to a March 20 article on CSO Online, 5,400 patients were affected.
The problem came to light in January of this year, and the attack seems to have occurred in September of 2013. A third-party forensics firm investigated the situation and determined the malware that caused the attack was a screen grabber that stored the hospital patient data in an encrypted cache.
However, it should be noted that no medical data was captured by the screen shots and that there is no guarantee the information was transmitted beyond the facility’s network. According to the CSO Online article, the following data was grabbed in the attack:
- Addresses
- Dates of birth
- Social Security numbers
- Credit card data
- Patient numbers
- Hospital discharge dates
Measures being taken by Valley View Hospital to address the situation include an upgrade of its security system. Furthermore, the facility is in the process of notifying affected patients of the attack via mail.
Source: CSO Online — http://www.csoonline.com/article/750047/hospital-hit-by-screen-grab-trojan-that-attempted-to-steal-5-400-patient-records