The Emergence Health Network has revealed that it’s El Paso Center for Mental Health was the target of a cyberattack that may have compromised the personal details of some 11,000 mental health patients in Texas.
Non-profit Emergence Health Network (EHN) has stated in a press release [PDF] that its computer server was compromised in an unauthorized external breach. The compromised server is said to contain data of more than 11,000 patients in the mental health and intellectual disabilities center, leading EHN to send out letters to all patients who may have been compromised.
The details saved on the server include patients’:
- First and last name
- Date of Birth
- Social security number
- Case Number
- Information relating to services accessed from the healthcare network.
While the breach constitutes a potentially serious breach of patients’ personal privacy considering sensitive health conditions, treatments and the like, EHN insists that there is no reason to believe any medical records were compromised.
The letter [PDF] adds that the intrusion resulting in the breach may have been a successful unauthorized access attempt from 2012 and admits that the EHN only recognized signs of ‘strange activity on a computer server’ on August 18, 2015. Additionally, the Health Network confirmed that it is working with state and federal agencies to help in the investigation into the cyber crime.
A Spate of Cyberattacks Targeting the Healthcare Industry
Despite the massive cash-flow circulating within the industry, cybersecurity has not been much of a priority among healthcare firms and institutions, despite clearly appearing as large data banks for malicious hackers. Things are slowly changing, however, as the world wakes up to everyday headlines made from breaches affecting millions of people.
The single largest breach ever affecting a healthcare related company occurred earlier this year, with the Anthem breach. Some 80 million customer records were stolen from the insurance company and experts still can’t an estimate on the value of damages caused by the comprehensive breach.
Credit card information, financial details, and identity theft are the chief reasons for attackers to target healthcare companies which are seen as rich data banks of millions of people, by the hackers. It isn’t uncommon to find U.S. credit card companies looking at fraudulent transactions made using stolen credit card details in Europe and Asia, with the wide-reaching criminal infrastructure that actively buys and sells stolen users’ information on a global scale.
Suffice to say, security measures in healthcare and enterprise in general needs a rethink, beyond the expected increased in spending into cybersecurity globally, year on year.