Hackers target ACRMC

Patricia Beech - Champion Media

Officials at the Adams County Regional Medical Center say no patient information was compromised during a recent hacking incident at the medical facility.

Hospital administrators were informed on Wednesday, Jan. 30 that the facility’s information technology system was being targeted by an unknown, unauthorized third party.

The incident caused the temporary disabling of a variety of data storage and operational and communications systems, but failed to disrupt patient care.

In a Feb. 6 press release, hospital officials sought to assuage fears concerning private patient information that might have been at risk during the hacking incident.

“At this time, there is no evidence that any patient data has been compromised,” the press release noted, adding “We have been treating this issue with the highest priority…and…we remain dedicated to protecting the personal information of our patients.”

Officials also said no critical patient care equipment was impacted by the incident.

According to the ACRMC press release, there will be a full forensic investigation of the event, and steps will be taken to prevent future occurrences based on the investigation’s outcome and recommendations, including implementing security enhancements to further protect data”.

At present, the facility has restored secure IT operations in the emergency room and all clinical departments, and are

continuing to bring the remaining administrative systems and work stations back online.

Over the past decade multiple hospitals across the U.S. have come under cyber attack from hackers using crypto-ransomware which allows them to infiltrate hospital computer systems and demand ransom, in bitcoin, before returning access to the medical facility.

Insider sources told the Defender off the record that ACRMC was forced to pay a ransom, however no hospital official could be reached to confirm or deny that assertion.

According to Chubb, the world’s largest publicly traded property and casualty insurer, personal health information can be 10 times more valuable on the black market than data hackers obtain from retailers.

CNBC, in April 2018 reported that “unlike personal identifiable information— which might include a name, email address and password, credit card numbers or Social Security number — health information offers a wealth of additional data, including medical records. Health insurance ID numbers may also be tied to driver’s license numbers or financial information.

Chubb officials also said “personal health information hacks can also go on for years. A consumer can shut down her credit card quickly if it has been compromised; she can’t cancel her Social Security number or birth date.”

This allows hackers to harvest patient data and store it, often for years, to open illicit bank accounts or steal additional information.

Officials said the medical facility has engaged the services of an independent data forensics expert to help assess and resolve the effects of the hacking. Additionally, internal fallback procedures were activated to allow on-going, quality patient care while certain IT systems were unavailable.

The Defender contacted the Ohio Bureau of Investigation regarding the case, but had not received a response by press time.


Patricia Beech

Champion Media