- Erie County Medical Center (ECMC) has been battling a computer virus that was discovered on its computer system early Sunday morning, causing concern over the organization’s healthcare data security.
The hospital has voluntarily shut down its entire system to mitigate any further damage in response to the attack.
The FBI and state police cybersecurity investigators have been looking into the incident since Monday. ECMC also enlisted the help of its in-house health IT staff, as well as a private consultant to resolve the issue and restore all system functionalities.
The hospital stated all patient health records, financial information, and human resources records are securely saved in back-up storage, ensuring no infected data will be lost.
With all systems shut down, hospital staff members have been writing up patient admissions, prescriptions, and other daily tasks by hand.
"The hospital has a well-planned and prescribed back-up process in event of a situation like this," ECMC spokesman Peter Cutler told the Buffalo News. "What it has done is everything's more labor-intensive because everything has to be done manually."
Presently, hospital officials have not confirmed whether the virus is part of a ransomware attack or how many patients have been impacted by the incident.
Despite all computer systems being completely shut down, ECMC officials stated Tuesday that care delivery to patients and nursing home residents has not been negatively impacted in any way.
Furthermore, all incoming patients are being accepted, and all surgical procedures and patient visits are continuing on as scheduled.
Hospital spokespeople maintained there is no evidence any PHI has been misused in any way.
“Through the assessments that we have been running, we have seen no indication that there has been a compromise of patient health information,” Cutler told Upstate New York News.
Skin Cancer Specialists suffers data breach impacting 3.3K
Skin Cancer Specialists, PC (SCS) recently announced that it suffered a data breach in which an unauthorized third party gained access to electronic billing records containing patient data.
SCS discovered the incident on February 2, 2017 and said that the access first started on October, 15,
The incident may have impacted the health information of up to 3,365 patients, per the OCR data breach reporting tool.
Since discovering the breach, SCS immediately launched an investigation into the incident with the help of a cybersecurity investigation firm.
Information contained in the accessed billing records may have included patient names, dates of birth, addresses, telephone numbers, internal medical record numbers, and health insurance information.
The healthcare organization maintained no Social Security numbers or financial information were exposed in the incident.
“We are committed to the security of our patients’ information, and we are taking this opportunity to further strengthen and refine our security measures relating to our computer systems,” SCS explained in its statement. “We deeply regret any concern that this incident may cause our patients. “
Additionally, SCS stated no evidence currently exists to suggest any patient information has been misused in any way.
SCS mailed advisory notices to potentially impacted patients informing them of the incident and provided details regarding a call center the healthcare organization has set up to answer questions.