Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Hospital system's cardiac cath lab computers hacked

Reprints

A Cleveland-based hospital system said hackers had used malware to obtain personal information on 981 patients over an eight-month period, although there is no evidence the information was misused.

The MetroHealth System said in a statement last week that it had discovered malware on three computers in its cardiovascular lab that appears to have infiltrated these computers during the period between July 14 and July 29, 2014. The computers’ data included medical information on 981 patients who had cardiac catheterizations between July 14, 2014, and March 21, 2015.

The system said an investigation revealed that one of MetroHealth’s business associates updated software systems used on these computers during the five-day period in July, at which time the antivirus protection in them was disabled to facilitate the updates.

As a result, the malware was able to infect these computers, MetroHealth said. It was removed on March 18, 2015, the company said in its statement, adding that the malware had created a “back door” for potential subsequent access to those computers.

The system said there is no evidence of any subsequent access and that the back door component of the malware was successfully purged from the computers on March 21.

MetroHealth said there is no evidence the information obtained had been accessed or used.

The information accessed included patient date of birth, height, weight, medications and data related to the catheterization, among other information, the hospital system said.

MetroHealth said measures it has taken in response to the hacking include increased monitoring of computers for malware. The system said it is informing patients affected by the intrusion, in accordance with federal law.

A system spokeswoman could not immediately provide information on any insurance coverage.

Read Next

  • Cyber coverage getting its day in court

    A court ruling in favor of an insurer in one case and coverage litigation in another — both involving cyber insurance policies — may mark the beginning of a new stage in the coverage as a growing number of firms obtain these policies.