One of the most troubling aspects of many recent high profile cyber attacks has been the targeting of hospitals and medical offices. Seen as a treasure trove of high volume personal data, it should come as no surprise that another hack has hit a hospital. Decatur County General Hospital in Parsons, Tennessee, was recently the victim of a malware attack that potentially compromised 24,000 patients.
Part of what makes this particular hack so interesting is that it involves cryptocurrency mining malware. This form of attack is quickly becoming 2018’s version of ransomware in terms of sheer numbers of attacks and impact on computers. Legitimate cryptocurrency mining involves the transaction of this new digital currency, such as Bitcoin. When such a transaction is processed, then a cryptocurrency miner is tasked with the job of making sure that the transaction information is authentic; the miner then also updates the blockchain with the transaction.
The malware, however, secretly hijacks an infected computer and uses it to solve the mathematical equations that are used to determine who gets to mine the currency. The infected computer is being used to make money off of these transactions and redirect that money back to the original hacker. Generally, the most problematic issue for those infected is a slower computer and slight increase in power consumption. But these malware infections rarely carry just one type of malware and it can leave files open to other forms of hacking on the computer.
This is what concerned Decatur County General Hospital, leading them to inform their patients that their information might have been accessed. The hack, which was detected in November of 2017, focused on the hospital’s Electronic Medical Record server. This server contains data including patient names and social security numbers as well as home addresses and birthdates. Because of the potential data compromise, the hospital decided it was best to inform the patients.
All of this has now underscored the need to stay one step ahead of the hackers when it comes to cyber security. To avoid wasted hours of procuring data and keeping information secure, prevention is necessary. The key to success is to stay in front of the hackers and to be proactive instead of reactive.