Hack of Appointment System at Emory Healthcare Affects 80,000 Patient Records | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Hack of Appointment System at Emory Healthcare Affects 80,000 Patient Records

March 3, 2017
by Heather Landi
| Reprints

Atlanta-based Emory Healthcare has reported that in January a hacker demanded a ransom after accessing one of the health system’s appointment systems and deleting the appointment information database. The hack affected the records of about 80,000 patients.

In a statement posted on its website, Emory Healthcare said it’s Orthopaedics & Spine Center and Brain Health Center within Emory Clinic used an application called Waits & Delays to update patients regarding their appointments. “This database contained limited information used in updating appointment information including patients’ names, dates of birth, contact information, internal medical record numbers, and basic appointment information such as dates of service, physician names and whether patients required imaging (but not the type of imaging). The database did not contain patients’ Social Security numbers, financial information, diagnosis or other electronic medical record information,” the health system stated.

On January 3, 2017, the health system learned that there was unauthorized access to the appointment system around the New Year’s weekend after someone deleted the database and demanded a ransom to restore it.

“We learned that there was another unauthorized access by an independent security research center that searches out vulnerabilities in applications and traditionally notifies the company so that it can be remedied. Once EHC learned that this third-party database was accessed improperly, we immediately initiated an internal investigation, alerted law enforcement and are in the process of notifying impacted patients. Additionally, we are taking this opportunity to further review and refine our security measures relating to internal and third-party computer systems,” the health system stated.

According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) data breach portal, the Emory Healthcare breach was submitted on Feb. 21 and affected 79,930 people and was categorized as “hacking/IT incident.”

Emory Healthcare has reported that, currently, there is no indication that any patient information has been used inappropriately.

The incident impacted patients who either had an appointment at the Orthopaedics & Spine Center within Emory Clinic between March 25, 2015 and January 3, 2017, or had an appointment at the Emory Clinic Brain Health Center between December 6, 2016 and January 3, 2017.

 

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Culver Stepping Down as CEO of Maine HIE

Devore Culver, a well-known executive in health information exchange circles, is retiring from his position as CEO of Maine’s HIE, HealthInfoNet, after 11 years there. He will continue to serve as a senior consultant to the HIE.

ONC to Scale Back Oversight of EHRs With Updates to Health IT Certification

The Office of the National Coordinator for Health Information Technology (ONC) on Thursday announced two major changes to the ONC Health IT Certification program that signals it will relax its oversight of how well electronic health records (EHRs) meet government standards.

Protenus: Hacking Incidents are Quickly Discovered, But Insiders Go Undetected

A report on healthcare data breaches in July and August finds that while hacking incidents are quickly detected, insider breach incidents continue to go unnoticed, which can have a significant impact on healthcare organizations and patients.

Survey: Hospital CEOs See Digital Innovation as Critical, But Significant Roadblocks Remain

More than 75 percent of C-level executive healthcare leaders believe that digital innovation is important to an organization’s long-term strategy, but more than half acknowledge that they are holding off on innovation due to lack of capital and fear of creating unintended operational burdens.

New Patient-Centered Studies Take Advantage of PCORnet Infrastructure

The Patient-Centered Outcomes Research Institute (PCORI) board of governors recently approved $27 million in grant funding for several patient-centered research studies that take advantage of the expanding informatics infrastructure of PCORnet.

Nurses, Physicians Use Personal Devices Even When BYOD is Prohibited

Some seven in 10 (71 percent) hospitals now allow BYOD (bring your own device) in the workplace, according to a new survey, which also found that some healthcare professionals use personal devices for work even when BYOD is not allowed.