The Emergence Health Network has revealed that its El Paso Center for Mental Health was the target of a cyberattack that may have compromised the personal details of some 11,000 mental health patients in Texas.
Non-profit Emergence Health Network (EHN) has stated in a press release that its computer server was compromised in an unauthorized external breach. The compromised server contains data of more than 11,000 patients in the mental health and intellectual disabilities center, leading EHN to send out letters to all patients who may have been compromised.
The details saved on the server include the patients’:
- First and last name
- Address
- Date of Birth
- Social security number
- Case Number
- Information relating to services accessed from the healthcare network.
While the breach constitutes a potentially serious breach of patients’ personal privacy considering sensitive health conditions, treatments, and the like, EHN insists there is no reason to believe any medical records were compromised.
The letter adds that the intrusion resulting in the breach may have been a successful unauthorized access attempt from 2012 and admits that the EHN only recognized signs of ‘strange activity on a computer server’ on August 18, 2015. Additionally, the Health Network confirmed that it works with state and federal agencies to help in the cybercrime investigation.
A Spate of Cyberattacks Targeting the Healthcare Industry
Despite the massive cash flow circulating within the industry, cybersecurity has not been much of a priority among healthcare firms and institutions, despite clearly appearing as large data banks for malicious hackers. However, things are slowly changing as the world wakes up to everyday headlines from breaches affecting millions.
The largest breach ever affecting a healthcare-related company occurred earlier this year, with the Anthem breach. Some 80 million customer records were stolen from the insurance company, and experts still can’t estimate the value of damages caused by the comprehensive breach.
Credit card information, financial details, and identity theft are the chief reasons for attackers to target healthcare companies which are seen as rich data banks of millions of people, by the hackers. It isn’t uncommon to find U.S. credit card companies looking at fraudulent transactions made using stolen credit card details in Europe and Asia, with the wide-reaching criminal infrastructure that actively buys and sells stolen users’ information globally.
Security measures in healthcare and enterprise, in general, need a rethink beyond the expected increase in spending on cybersecurity globally, year on year.
Featured image by Khakimullin Aleksandr from Shutterstock.com