Many people are rightfully questioning whether their records are safe and secure from unauthorized disclosure of electronic medical records and from hacking after the electronic records of a large Maryland hospital corporation fell victim to hackers who unlawfully broke into its computer system and reportedly held electronic records for ransom.
MedStar Health is the largest health care provider in Maryland and the Washington, D.C. area, operating ten hospitals and other health care facilities and medical practices with 6,000 affiliated physicians and 30,000 associates.
It has been reported that hackers had broken into a MedStar Health computer server, exploiting flaws that had first been identified in 2007. The hackers reportedly took advantage of vulnerabilities in a JBoss application server supported by Red Hat Inc. and others. The hackers allegedly used software that scans the internet looking for accessible JBoss application servers that are vulnerable to the flaws identified in 2007 and 2010. Once access is gained by hackers, passwords can be stolen and the hackers can encrypt data on the servers, making the files unaccessible until a ransom is paid.
MedStar Health has denied paying any ransom but reportedly had some imaging, lab files, and other duplicate records made inaccessible due to the malware attack, according to reports. MedStar Health further denies that the software flaws identified in 2007 and 2010 were involved in the hackers’ attack.
In its statement issued on March 29, 2016, MedStar Health stated, in part, “Significant progress is being made toward restoring functionality of MedStar Health’s IT system, which was affected by malware early Monday morning. At the early signs of an issue, our team quickly made a decision to take down all of our systems as a precaution and to ensure no further corruption … we are working to restore the majority of our IT systems today. We are using backup systems, including paper documentation—a process used before the advancements of technology—where necessary, and as an additional layer of support to our clinical operations.”
On April 4, 2016, MedStar Health issued a statement in which it acknowledged a “malware attack on Medstar Health’s IT system,” but refused to provide further information other than stating that “we have no evidence of any compromise of patient or associate data.”
So, how secure are your electronic medical records? It may be impossible to know whether someone without authorization has accessed your records, read your records, copied your records, and/or unlawfully disseminated your records. As the idiom warns, it’s too late to close the stable door once the horse has bolted.
If you or a loved one have been injured due to medical negligence in the United States, you should promptly seek the legal advice of a local medical malpractice lawyer in your U.S. state who may investigate your medical malpractice claim for you and represent you in a medical malpractice case, if appropriate.
Click here to visit our website to be connected with medical malpractice lawyers in your state who may assist you with your malpractice claim, or call us toll-free in the United States at 800-295-3959.
Turn to us when you don’t know where to turn.