Virus May Have Caused Unusual Breach

Beth Israel Deaconess Notifying 2,000
Beth Israel Deaconess Medical Center in Boston is notifying more than 2,000 of its patients about an unusual potential health information breach incident involving a computer virus that transmitted data to an unknown location.

The hospital reports in a website statement that a computer service vendor, which it declined to identify, recently failed to restore proper security controls on a computer after performing maintenance on it. The device, which was located in a locked room, was later found to be infected with the virus.

John Halamka, the hospital's CIO, said that the virus encrypted the data that it transmitted. "The reason we are reporting it is that we are not sure that a breach occurred, but because a virus sent some data from the radiology device to some location, we wanted to be very conservative and report a possible breach."

The computer did not contain patients' Social Security numbers or financial information. It did, however, contain patient names, medical record numbers, birth dates and the names and dates of radiology procedures that patients had undergone.

The hospital is offering affected patients one year's worth of free identity protection service.

Beth Israel Deaconess "shut down the computer immediately upon learning that it was infected with a computer virus," Halamka said in the website statement. "The computer was cleaned and all software re-installed to ensure the virus was no longer present. Updated security controls were also installed and activated to prevent viruses from being installed."

Halamka also said Beth Israel Deaconess "worked closely with its vendor representative to ensure that an incident such as this does not re-occur."

Under the HITECH Act breach notification rule, breaches must be reported to the individuals affected as well as the Department of Health and Human Services' Office for Civil Rights.

About the Author

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
