Over 20 Total Lots Up For Auction at One Location - TX Cleansweep 06/25

Quest Diagnostics hacked, health info from 34,000 accessed

by Thomas Dworetzky, Contributing Reporter | December 14, 2016
Health IT Risk Management
In what is becoming alarmingly routine, there has been another digital hack of health care information.

“An unauthorized party accessed the MyQuest by Care360 internet application and obtained Protected Health Information (PHI) of approximately 34,000 individuals,” Quest Diagnostics stated in a release.

Data that was purloined included name, date of birth, lab results, and in some instances, telephone numbers, the company revealed. But apparently the cyber-thieves were unable to get hold of Social Security numbers, credit card, insurance or other financial information.

“There is no indication that individuals' information has been misused in any way,” said Quest Diagnostics.

The “intrusion” happened November 26.

Once the breach was uncovered, the company stated that “it immediately addressed the vulnerability.”

The lab company has taken the step of bringing in a “leading cybersecurity firm to assist in investigating and further evaluating the company's systems.”

Those impacted by the intrusion have been notified and the company has set up a number, (888) 320-9970, for contact about this situation.

This is just the latest in a string of cyber attacks in the health care arena.

In late October, Baystate Health in Massachusetts announced that on August 22, it “learned that a phishing email had been sent to several Baystate employees allowing hackers to access some employees’ email accounts.”

The breach let hackers access their accounts. Data on 13,000 patients was contained in the emails exposed to the cyberthieves.

In August, Arizona-based Banner Health announced it had been hit by a massive data hack beginning June 17. This had affected the records of as many as 3.7 million patients, health insurance plan members, food and drink customers, doctors and others.

The attack was uncovered by Banner on July 7, 2016.

It then established that the hackers may have broken into the computer systems that process payment-card data at food and beverage outlets at some Banner Health locations.

“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” Banner stated.

In February, Hollywood Presbyterian Medical Center in Los Angeles fell prey to hackers, ultimately paying a $17,000 ransom to reclaim its computer network after an attack.

"The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000," Hollywood Presbyterian wrote in a statement at the time. "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this."

The cyber threat is exploding, according to a survey among 30 midsized hospitals conducted by cybersecurity firm, HITRUST. The study established that fully half the facilities had been forced to deal with a ransomware attack.

The trend is likely to keep growing because it is so profitable. The current value of a single patient record on the black market is estimated at around $20 to $60.

You Must Be Logged In To Post A Comment