80,000 Patients Records Compromised in Emory Healthcare Breach

Media Division | March 9, 2017

Patient medical records can actually be quite frequent targets for cyber attackers.  Records can be sold for significant amounts of money on the black market, and the purposes that these records could be used for are numerous.  For instance, they could be used to obtain home addresses, credit card numbers, or other types of private data.  Recently, Emory Healthcare, an Atlanta-based health system, was breached by a hacker around the beginning of the year.

What Was Affected in the Breach?

Emory had announced that their appointments system had been hacked and that the breach had affected 79,930 patients of their Orthopaedics and Spine Center, as well as their Brain Health Center.  Fortunately, officials from Emory have stated that the hack was not able to obtain financial information or social security numbers, but names, birth dates, internal medical record numbers, contact information, and appointment information was exposed. The hackers had removed the appointment database using ransomware, and then, of course, demanded a ransom for the restoration of the site.  Emory has not stated whether they paid the ransom for the return of their systems.

The breach had been discovered on January 3rd, and as a result, Emory is “reviewing and refining” their security for third party and internal computer systems.  Emory had also discovered that an unnamed security research center had breached the database as well.  This may have been the security research firm, MacKeeper, as they had posted a blog stating that they had discovered a poorly set up patient record database that seemed to belong to Emory Brain Health Center.

Patients that were affected include those who had appointments between December 6, 2016, and January 3, 2017, at the Brain Health Center, and between March 25, 2015, and January 3, 2017, for the Orthopaedics and Spine Center.  Emory had sent emailed alerts to all of those that were affected by the breach and also recommended that patients monitor their credit reports and account statements.

This is by no means the first compromise of patient medical records this year.  In fact, according to the U.S. Department of Health and Human Service Office for Civil Rights’ Breach Portal, 325,558 patient’s information has been compromised this year.  This system displays healthcare data breaches that have affected 500 or more people, which means that there could be more that were not reported due to being smaller.  Though, Emory’s breach is the largest single incident that has been reported in 2017.

Getting Your Organization Back on Track With Data Breach Solutions

Data breaches can be one of the most overwhelming situations for an organization to go through.  A single cyber attack incident can result in a plethora of negative effects and damages.  It can, in fact, cause an organization to fail if it is not handled appropriately and quickly.  There are a wide range of actions that need to be taken in the event of a breach to be able to successfully handled it.  When the ball is dropped in handling a data breach, an organization can not only lose money or data, but their reputation and trust can be destroyed in consumers eyes.  This is why an organization must be able to react quickly in beginning data breach solutions.  A cyber attack is often discovered some time after the breach actually happened, and some systems have likely already been affected.  But handling it with mitigation steps can help to prevent further damage, and get the organization back on track.  Massive Alliance’s data breach solutions can help your organization to begin reparative steps to recover from a breach.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.