Official TEKConn Blog

Hackers ransom data stolen from Illinois medical facility

Managed IT support can help to prevent the theft of sensitive patient and employee information by cyber criminals.

Managed IT support can help to prevent the theft of sensitive patient and employee information by cyber criminals.

The benefits of electronic medical records (EMR) are well-known. They cut down on labor and office supply costs. They increase the efficiency of institutional operations and improve the quality of care medical professionals can provide to their patients.

Recently, hackers tried to exploit the healthcare industry's shift toward EMR by ransoming data stolen during a network infiltration of the Surgeons of Lake County medical practice in Libertyville, Illinois.

According to a Bloomberg report, the cyber criminals worked their way into the practice's computer systems, encrypted the data they found and posted a ransom note demanding payment in exchange for a password that would unlock the files. The doctors chose not to succumb to the illegal extortion, instead shutting down their own server and contacting the authorities.

"Safeguarding every patient's personal information is a top priority at The Surgeons of Lake County," said Surgeons President Scott C. Otto, M.D. in a press statement. "We are devoting significant people and technological resources to help protect patient confidentiality."

This attack illustrates a few salient points. First, the types of hacking being seen with increasing frequency these days is not being done by teenagers just looking for a few kicks. These are skilled individuals looking to exploit sensitive information for financial gain. Second, while imperative for healthcare institutions to protect their IT assets, they do not always have the ability to adequately do so on their own.

Managed IT support providers can handle infrastructure and 24/7 network security while a facility's in-house staff can focus on day-to-day operations. IT support for medical firms, especially security solutions, has to be a top priority. The industry is not going to stop its transition to EMR or health information exchange (HIE), and rightfully so. A comprehensive approach to safeguarding patient information is what all institutions should be looking to implement.