While identity theft is the primary concern when the security of medical records is compromised, a disturbing new trend is emerging: hackers holding the data for ransom.
A recent case involved the Surgeons of Lake County, a medical practice in Libertyville, Ill., where hackers were able to access electronic medical records and emails, Bloomberg reported, citing a privacy blog Dissent Doe.
The hackers encrypted the records and demanded the practice pay money for a password to access the files. The practice declined to pay, shut down the server and notified authorities. It was unclear from the report whether the practice was eventually able to access its EHR records, or if so, how.
Bloomberg reporter Jordan Robinson calls the case “an unsettling new strain of opportunism that is emerging as criminals try to exploit the industry’s shift to digital medical records.”
In 2009 a hacker demanded $10 million from the state of Virginia after he or she claimed to have stolen and encrypted personal and prescription drugs for 8.3 million patients from the Virginia Prescription Monitoring Program, according to a report in Healthcare IT News. Wikileaks posted the ransom note.
In 2008 a hacker demanded money from the prescription-drug benefits manager Express Scripts after demonstrating it had personal information on a few dozen members, according to Bloomberg. The company refused to pay. And four years earlier several California hospitals were blackmailed after outsourcing their medical transcriptions overseas.
“This is a warning bell,” Santa Clara University law professor Dorothy Glancy told Bloomberg. “Maybe they’re the canary in the coal mine that unpredictable things can happen to data once it’s digitized.”
- Your Router Could Be Behind Lizard Squad’s Attacks
- The Man from Google Who Came to Fix Federal IT Still Doesn’t Have His Own Website
- Why Republicans are Desperate for a Net Neutrality Compromise
- Federal Cybersecurity Spending is Big Bucks. Why Doesn’t It Stop Hackers?
This article originally published at Nextgov