Have an account? Please log in.
Text size: Small font Default font Larger font
Radiology Daily
Radiology Daily PracticalReviews.com Radiology Daily

Zombie Imaging Computer Steals Mystery Data

July 21, 2011
Written by: , Filed in: Practice Management
  • Comments

In an incident that illustrates just how vigilant medical offices must be about safeguarding data, Beth Israel Deaconess Medical Center (BIDMC) in Boston caught one of its radiology workstations transmitting data to an unknown location via the Internet.

The computer wasn’t even supposed to connect to the Internet. The hospital said a vendor failed to restore proper settings to the machine after doing routine maintenance. Thus accidentally freed of its electronic restrictions, the workstation connected itself to the Internet without benefit of antivirus software or other protection. Predictably, it was infected with malware that caused it to encrypt data and transmit that data to some virtual destination that will probably never be identified.

Beth Israel, a major teaching hospital affiliated with Harvard University, announced the security breach on Monday. It has been notifying 2,021 radiology patients that their private information may have been compromised. Data on the workstation included medical record numbers, sex, date of birth, radiological procedures undergone, and patient names—but not Social Security numbers or financial information, the hospital said.

Because the malware encrypted the data before transmitting it, Beth Israel isn’t sure what personal records escaped—if any. Health Data Management magazine quoted Beth Israel’s chief information officer, John Halamka, MD, as saying:

It could be nothing but operating system information was transmitted, but we don’t know.

Beth Israel has given the 2,021 possibly affected patients “access to state and federal resources, a toll-free telephone number, 877-615-3765, and one year of identity protection services, at no charge to them,” the hospital said in a news release.

Dr. Halamka said Beth Israel shut down the computer as soon as the hospital discovered the breach, scrubbed the computer of malware, and installed “updated security controls.” He added: “BIDMC has also worked closely with its vendor representative to ensure that an incident such as this does not re-occur.”

Yes, very closely, we’re sure. Very closely and emphatically.

Protecting sensitive data will only get more difficult as electronic health records and other technological entanglements become more pervasive. Said Dr. Halamka:

It’s a Cold War, and I spend a million dollars a year trying to protect our information systems from the Internet.

Related seminar: Radiology Review Course


Permalink: http://www.radiologydaily.com/?p=6851


  • No Related Posts
  • Comments

Would you like to keep current with radiological news and information?

Post Your Comments and Responses

Comments are closed.