Blog

September 2017 – Cyber Security Summary

Posted by Ashley McCool on October 12, 2017 in Blog, News

The number of healthcare breaches has increased slightly since August 2017, yet the number of individuals/records affected has decreased during this same time period. In the month of August, healthcare providers experienced 28 breaches with 695,225 individuals/records affected; yet in September, healthcare providers experienced 36 healthcare breaches with only 445,702 individuals/records affected. Contributing to these breaches in September were a few phishing schemes, a stolen laptop, and a data hack exposed via Twitter.

 

Since the beginning of the year

Since the beginning of 2017, there have been 1,080 total data breaches causing almost 171 million records to be compromised. Out of those, the healthcare industry accounted for 289 breaches and about 4.6M records compromised. The healthcare industry experienced 26.8% of total breaches and 2.7% of records compromised.

 

SMART Physical Therapy Hack Exposed via Twitter

A hacking group known as TheDarkOverlord (TDO) announced a successful attack on a U.S. healthcare provider, SMART Physical Therapy. The hack reportedly occurred on September 13, 2017, and TDO disclosed the data theft on Twitter on September 22, 2017. The database contained a wide range of information on 16,428 patients, including contact information, dates of birth, and Social Security numbers.

 

Network Health Phishing Attack Impacts Over 51,000 Plan Members

Network Health notified 51,232 of its plan members that some of their protected health information (PHI) has potentially been accessed by unauthorized individuals. In August 2017, some Network Health employees received sophisticated phishing emails. The compromised email accounts contained a range of sensitive information including names, phone numbers and addresses, dates of birth, ID numbers, and provider information. The company took prompt action by contacting federal law enforcement officials. Network Health is offering one year of free identity theft protection and monitoring to affected customers.

 

Stolen Laptop from Mercy Health Love County Hospital and Clinic Leads to Credit Card Fraud

On June 23, 2017, the hospital discovered an employee had stolen a laptop computer and paper records from a storage unit used by the hospital. The theft of PHI was initially investigated by the Love County Sheriff’s Office, and the investigation revealed the former employee had used the stolen information to fraudulently obtain credit cards in the patients’ names. A second individual is also understood to have been involved. Only ten patients were directly affected and were notified immediately.

 

Two Employees Hooked By Phishing Attack at Morehead Memorial Hospital, 66,000 Patients Impacted

Morehead Memorial Hospital in Eden, NC has announced two employees have fallen victim to a phishing attack that resulted in an unauthorized individual gaining access to their email accounts. The types of information exposed include names, health insurance payment summaries, health insurance information, treatment overviews, and a limited number of Social Security numbers. After the discovery, the hospital performed a network-wide password reset. Phishing scams like this happen often in the healthcare field: emails that look authentic are sent to healthcare employees, and once a link is clicked and login details are entered, hackers have the credentials to log in to those accounts. The hospital reported that the breach impacted roughly 66,000 patients, and it was reported to the FBI, Department of Homeland Security and Office of Civil Rights.

 

 

What is Meaningful Use of EHR?

Posted by Ashley McCool on September 14, 2017 in Blog, News

In 2009, the US Government introduced the Meaningful Use Program (the Program) as a part of the “Health Information Technology for Economic and Clinical Health (HITECH) Act”, to help modernize our nation’s infrastructure, including medical records, which have long been recorded by hand. This was an effort led by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC). Defined as a program that encourages healthcare providers to show “meaningful use” of certified Electronic Health Record (EHR) technology, Meaningful Use encourages healthcare providers to switch from paper charts to electronic records, improving efficiency and safety and providing better overall care to patients.

Implementation

Providers must follow a set of criteria that serves as a roadmap for effectively using an EHR. The Program was implemented in three stages over a five-year span.

Stage 1 (2011-2012): Promotes basic EHR adoption and data gathering.

Stage 2 (2014): Emphasizes care coordination and exchange of patient information; advancing clinical processes.

Stage 3 (2016): Improves healthcare outcomes. This stage is now set to begin as an optional requirement for physicians and hospitals in 2017 and required in 2018.

*After the initial start of the program, Stage 1 was updated and is now considered “Modified Stage 2.”

Incentive Plan

Healthcare providers that participate in the Program and meet reporting requirements are awarded incentive payments, granted by CMS. Those payments can reach up to $44,000 for individual physicians and other eligible healthcare professionals through the Medicare Meaningful Use program, or up to $63,750 through the Medicaid Meaningful Use program.

Penalties

Eligible providers not participating in the Program by the beginning of 2015 are penalized by receiving less than 100 percent of their Medicare fee schedule for their professional services.

Outcome

Ultimately, complying with the Program will result in better clinical outcomes, improved population health outcomes, increased transparency and efficiency, empowered individuals, and more robust research data on health systems.

 

For more information on Meaningful Use, visit the CDC’s website.

 

 

July 2017 – Cyber Security Summary

Posted by Julia Foster on August 4, 2017 in Blog

The number of healthcare data breaches in July was off the charts. At 46 breaches, July had the highest number of breaches in 2017! July accounts for 20.5% of all 2017 healthcare data breaches; to put that in comparison, before July there was an average of 25 breaches per month. The 46 breaches caused 572,678 records to be compromised. Contributing to these breaches were an identity theft scheme, a not-so-average phishing email, a threat that was undetected for over a year, and a double attack.

 

Since the beginning of the year

Since the beginning of 2017, there have been 881 total data breaches causing almost 17 million records to be compromised. Out of those, the healthcare industry accounted for 224 breaches and about 3.5M records compromised. The healthcare industry experienced 25.4% of total breaches and 20.8% of records compromised.

 

Identity-Theft Scheme

Ten hard-copy medical records were stolen when the storage building of a county hospital in Oklahoma was broken into. On Thursday, July 20th, local authorities were able to connect the break-in to two individuals who were arrested in June 2017 for identity theft. The suspected thief worked for the county hospital as a licensed practical nurse. It is reported that, after leaving the hospital in early 2017, the suspect returned to the hospital to steal personal patient information. The ex-employee and accomplice were arrested after the discovery of evidence that linked the partners to numerous reported identity thefts totaling over $300,000. The hospital has taken all necessary steps to ensure security of the building in the future and is offering the 10 affected patients free credit support.

 

‘Phishing’ for Cash

In the beginning of July, a university medical center in California reported a breach affecting nearly 15,000 people. Hackers gained access to medical center employees’ accounts through a phishing email. Once they gained access to the accounts, hackers impersonated account owners to send emails to other employees. The hack was discovered when accounts were used to request large amounts of money. While there is no evidence to show personal information was acquired, the hackers had potential access to personal information such as names, addresses, phone numbers, medical record numbers, diagnoses and SSNs. The medical center is evaluating its security measures and offering identity and credit protection services to patients who were possibly affected.

 

15 months undetected

While investigating a recent ransomware attack, a Georgia-based neurological clinic found a 15-month breach. While the clinic was able to restore all information without paying a ransom, during the process they found that hackers had potential access to names, SSNs, driver’s licenses, addresses, phone numbers, medical data, prescriptions and health insurance information from February 2016 through May 2017. It is unknown if any of this personal information was accessed, but the clinic is offering identity theft protection services to patients affected by the breach.

 

Double Whammy

A senior living community reported a second ransomware attack on July 5th. The senior living community, located in Texas, originally reported a breach in May of this year. While investigating the original attack, they found a second ransomware attack. Luckily, the second attack was detected the same day it was discovered and they immediately took action and expanded their investigation to include the scope of the second attack. There is nothing suggesting that hackers accessed personal information, but they potentially had access to SSNs, driver’s license numbers, birth dates, addresses, phone numbers, medical record numbers, payment information, health insurance information, and clinical information related to residents.

 

Cyber Security Summary – June 2017

Posted by Julia Foster on July 18, 2017 in Blog, News


While June was less eventful than May, it was still a big month regarding healthcare cyber security.  June is right in line with the 2017 monthly median for healthcare data breaches, but it is almost three times over the monthly median for records compromised. In June 2017 there were 26 healthcare data breaches and approximately 661,055 individuals affected by these breaches.

Since the beginning of the year
From the beginning of January through the end of June, there have been a total of 12,389,462 records compromised and 791 data breaches. Of those data breaches, the healthcare industry, with 178 breaches and over 3 million records compromised, accounted for 22.5% of data breaches and 24.3% of records compromised.

 

Notable Incidents

Non-secure disposal of information
A Texas-based hospital notified patients about a possible security breach this month. This notification to patients was a result of a box of medical forms with PHI being found near an unsecured dumpster. This incident, which may have affected 1,842 patients, gave unauthorized access to patient information including names, birth dates, case numbers and phone numbers. It is uncertain whether additional information including mailing addresses, SSNs, health information and financial numbers was included in these forms. While there is no evidence to show these forms are being used maliciously, the organization offered concerned patients one year of free credit monitoring and is reviewing its current processes of PHI disposal to make any necessary changes.

 

Compromised while making education material
A children’s hospital in Missouri discovered a security threat through an unauthorized website that contained PHI collected by a hospital physician. The physician was using the information to create an educational resource. While the records were password protected, the hospital considered the security measures in place insufficient. If an unauthorized individual or group accessed the site, they would have potentially been able to access sensitive information including names, medical record numbers, gender, dates of birth, encounter number, age, height, weight, body mass index, admission dates, discharge dates, procedure dates, diagnostic and procedure codes, and brief notes. The hospital took down the website immediately after it was discovered.

Health records found on side of the road
A healthcare organization in Tennessee misplaced documents that contained patient names, dates of birth, admitting diagnoses, account numbers and physician names. Luckily, these records were found on a rural road in the area. Further investigation revealed that the documents did not include SSNs or medical records.

 

Cyber Security Summary – May 2017

Posted by Julia Foster on June 16, 2017 in Blog, News


In the cyber security world, May was an extremely eventful month due to the largest ransomware attack to date, occurring worldwide. Luckily, this outbreak only had minimal effects on the United States healthcare industry. For cyber security in the US healthcare industry, May turned out to be a fairly average month in terms of total breaches, but extremely high when it comes to the number of records compromised. Throughout May there were approximately 30 healthcare breaches and 900,000 records compromised.* Some major cyber security breaches included the global WannaCry ransomware outbreak, TheDarkOverlord stealing (more) health records and a simple URL change exposing personal information.

 

From the Beginning of the Year:

Since the beginning of 2017 through May 2017, there have been 724 data breaches and nearly 11 million records compromised. The medical/healthcare industry accounts for 23% of records compromised, with nearly 2.5 million records, and 22% of breaches with 159 breaches.*

Major Cyber Security Activity

WannaCry

The WannaCry outbreak was the largest ransomware attack to date! Over the course of one weekend the virus infected approximately 200,000 computer systems in 150 different countries. The ransomware targeted vulnerabilities in Microsoft Windows computers. Britain’s National Health System runs on Windows XP, making its hospitals one of WannaCry’s largest victims. Over 40 U.K. hospitals’ systems were paralyzed by the attack. While the WannaCry attack did not hit healthcare systems in the US as hard, it was reported that numerous US medical devices were infected.

Although the attack affected so many different computer systems, it is reported that the hackers only made $50,000, which is a rather small amount for the high quantity of systems they took control of (for reference, in 2016 a hospital in Hollywood paid $17,000 to a hacker to release one system). Luckily, the attack was stopped by a hacker group known as “Shadow Brokers” and any new waves of WannaCry are not as harmful as the original.

TheDarkOverlord… is back

The hacker known as TheDarkOverlord is back. This particular hacker or hacker group (it is still unknown if TheDarkOverlord is working alone or as a group), who is responsible for numerous other healthcare attacks including the breach of 9.3 million records from a health insurer, stole and released 180,000 patient healthcare records. These records were stolen from a New York-based dentist, California’s OC Gastrocare and a surgery center in Florida. In TheDarkOverlord fashion, these records were made accessible to the public on Twitter. The database of records contained information such as medical conditions, insurer details, Social Security numbers, birth dates, and payment information. TheDarkOverlord does not only specialize in extorting healthcare organizations; they are also credited with leaking the newest season of Netflix’s show, Orange is the New Black.

A Simple URL Change

A glitch in a large healthcare organization’s online patient portal was giving unauthorized access to patient information with a simple change of a URL. While this problem was reported in April 2017, it was not entirely fixed until May. In April a patient portal user reported that when looking at their personal health records, they were able to access others’ records without a username or password by changing a number in the web address. When accessing these records, users could see names, birthdates, addresses and information that may point to specific diseases. Once the issue was brought to light, the organization immediately shut down the patient portal and corrected the problem.

*Values are approximate, based on a report released on June 6th, 2017, by the Identity Theft Resource Center.

Sources:

http://www.idtheftcenter.org/

http://www.breitbart.com/big-government/2017/05/15/top-15-things-to-know-about-the-wannacry-global-ransomware-hacker-attack/

https://www.databreaches.net/

http://variety.com/2017/digital/news/orange-is-the-new-black-season-5-hackers-leak-explained-netflix-1202406623/

http://www.healthcareitnews.com/news/thedarkoverlord-honors-threat-exposes-180000-patient-records

http://www.healthcarefinancenews.com/news/molina-healthcare-shuts-down-online-patient-portal-over-potential-data-breach

 

April 2017 Cyber Security Summary

Posted by Julia Foster on May 4, 2017 in Blog


After the crazy month of March, the cyber security world seemed to settle down a little bit in April. April consisted of 21 total healthcare breaches and 122,877 records compromised which included a stolen laptop, a stolen vehicle, and a ransomware attack.


Since the beginning of the year:

So far 2017 has had 558 total data breaches and almost 10 million records compromised! The healthcare industry has accounted for around 23% of those with 126 healthcare breaches and around 1.5 million records!

 

Some notable attacks included:

Stolen Laptop

A large health system in Rhode Island has notified over 20,000 patients of compromised personal information. The information was accessed from an unprotected laptop that was stolen from an employee’s car. The laptop was used to store emails that may have contained patient information including names, medical record numbers, demographic information, and prescribed medications. At this time, there is no indication that the information has been used by the hackers.

Ransomware Attack

Last month, a small practice in Kentucky was attacked by cyber criminals. Their system was placed under a ransomware attack which resulted in their patients’ ePHI being encrypted. Almost 20,000 patients’ records were encrypted and inaccessible, but after two days of system downtime, the practice was able to recover the encrypted data from backups. Luckily, the practice did not have to pay the ransom that the hackers were demanding since the system was backed up.

Stolen Vehicle

In Montana, a health screening provider had to notify over 15,000 patients of a data breach after a facility-owned vehicle was stolen on the way to a health fair. The stolen vehicle contained a flash drive that held demographic information of health fair participants. Although there is no evidence of the information being misused, the organization offered a credit monitoring service to those affected.


Egg-stremely, Egg-cellent ICD-10 Codes for Easter

Posted by Julia Foster on April 14, 2017 in Blog

Spring brings Easter, and like most holidays there are ICD-10 codes for the occasion. Keep an eye out for these codes:

Egg #2

R73.9- Hyperglycemia, unspecified
You might be needing this code after eating an Easter basket full of chocolate and jelly beans.

 

Egg #3

W01.0XXA- Fall on same level from slipping, tripping and stumbling
One of the greatest Easter pastimes is egg hunts. Be careful you don’t slip, trip or stumble while looking for the golden egg.

 

Egg #1

F40.218- Animal type phobia
Face it, kids aren’t the only ones afraid of the giant bunny at the mall.

 


Egg #5

Z91.012- Allergy to eggs
If you didn’t know it before, you might discover this allergy.

 

Egg #4


W61.33XA- Pecked by chicken
Baby animals, including chicks, are icons of Easter.

 

March 2017 Cyber Security Summary

Posted by Julia Foster on April 6, 2017 in Blog

 


March has been the most eventful month for healthcare cyber security since the beginning of the year. With 27 individual breaches, the number of records compromised in March was more than triple the number of records compromised in January and February combined! Some of the most notable breaches include a former employee stealing records, a ransomware attack, and a phishing scam.

What Happened in March


Cyber Security Breaches in 2017:

So far in 2017, there have been 410 total data breaches, and 99 of those have been healthcare related. There have been 6,862,337 total records compromised this year, with 22% of them being in the healthcare industry.

Notable breaches in March:

2017 Largest Data Breach
With almost 700,000 records compromised, a Kentucky healthcare facility had the largest healthcare data breach this year. The breach occurred when a former employee obtained, without authorization, patient information on an encrypted CD and an encrypted USB drive. The information on the drive included names, addresses, Social Security numbers, and insurance information. The investigation indicates that she “intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to the hospital.”

Ransomware Attack
A medical center in Austin notified nearly 300,000 of their patients of a data breach incident that took place at their facility. The breach was caused by a ransomware attack on the system. Luckily, the attack was detected early, so it did not cause too much harm to the system. However, the hackers still had the potential to access names, addresses, dates of birth, Social Security information and medical information. Many times these types of attacks are not intended to misuse the patient information, but to lock the hospital out and force them to pay a ransom to regain access. The medical center still decided to provide identity theft monitoring services as an extra caution for patients.

‘Phishy’ Emails
A number of employee email accounts were compromised at a hospital in Washington due to a phishing attack. Phishing emails are sent in an attempt to trick users into revealing sensitive information. In this case, the hackers were able to gain access to over 80,000 patients’ information. The attack was not realized for more than seven weeks after it occurred, giving the attackers lots of time to access or steal information. The hospital has notified the patients who were affected and is also taking steps to reeducate their employees on the dangers of phishing emails.

 


Health Information Professional (HIP) ‘Fill in the Code’ Challenge

Posted by Julia Foster on March 24, 2017 in Blog, News


Health Information Professionals Week is March 26th – April 1st, 2017! In honor of HIP week, Excite Health Partners will be hosting the HIP Week ‘Fill in the Code’ Challenge. Enter each day for your chance to win a $10 gift card or the grand prize, pictured below!

 
The Details

Each weekday during HIP Week at 3:00 pm (EST), we will post a joke on our Facebook, Twitter and Instagram pages with one word missing. The missing word will be replaced with an ICD-10 code. You can participate by telling us what the missing word is. Each daily winner will receive a $10 gift card to their choice of Dunkin’ Donuts, Starbucks or Panera Bread. All correct answers will be submitted into a drawing for the daily prize and all daily entries will be combined for the grand prize drawing. The grand prize winner will be selected April 3rd at 3:00 pm EST.

 

 

How to enter & the rules

To enter the contest, message us your answer. Answers must be sent before the following day at 3:00 pm EST when the next joke is posted. You may only answer once a day, but you can receive up to 3 additional daily entries by tagging friends in daily posts (1 entry per tagged friend and the same friend cannot be tagged more than once). Make sure you like our Facebook page, follow us on Twitter and follow us on Instagram. Good Luck! Email info@excitehp.com if you have any questions!

 

 

The Grand Prize


The grand prize, which is pictured above, includes a Vera Bradley beach tote,  Kate Spade sticky note set, a waterproof Bluetooth speaker, beach towel, Essie spring mini collect, Starbucks tumbler, light blue Rtic tumbler and more!


February 2017 Cyber Security Summary

Posted by Julia Foster on March 8, 2017 in Blog, News


February consisted of a ransom attack, a break-in and a breach from inside the system, all of which contributed to 21 total healthcare breaches and nearly 80,000 records compromised.


Since the beginning of the year:

There have been 1,288,302 million total records compromised since the beginning of 2017, and over half of them have been healthcare records. Of the 279 total data breaches, 72 of them have occurred in the healthcare field.

February’s most notable healthcare breaches:

The Internal Employees
A pair of patient transporters accessed over 3,000 medical records from a university-based hospital in Tennessee. The two employees looked at 3,247 medical records between May 2015 and December 2016. They were able to see personal information such as demographics, medical record numbers, and Social Security numbers. As of now, there is no evidence that the information was downloaded or printed. However, the medical center is still taking proper precautions and sending letters to patients notifying them of the breach.

Appointment System
A Georgia-based health system fell victim to a ransomware attack that included almost 80,000 patients’ records. The information was accessed through the system’s appointment software “Waits and Delays.” The hackers were able to remove the appointments database and then demanded a ransom to restore the site. It is not evident if the health system paid it or not. The information stolen included names, dates of birth, contact information and appointment information. Since becoming aware of the breach, the hospital has notified all of the patients who were affected by the breach and encouraged them to keep an eye on their financial statements and credit reports.

Break In
7,000 patient records were stolen during a break-in at a healthcare provider’s office in Kansas. The break-in occurred at approximately 5:00 am, before the facility opened. The intruder gained access by breaking a window and stole a desktop computer and a printer. The computer contained many non-encrypted appointment notes dating back to 2002 and 2003. The information in the notes varied, but some consisted of names, dates of birth, diagnoses and orders.
