Virginia Public Health Organization Reports EMR Security Breach
As reported here and on EHRtv.com, the Department of Health and Human Services recently announced new guidelines for controlling and reporting security breaches of Electronic Medical Records. Now, just weeks after HHS’ announcement, Virginia has revealed that the EMRs of 8 million patients may have been compromised.
Yesterday, an FBI official confirmed that the agency is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government website that tracks prescription drug abuse. The breach involves the Virginia State Prescription Drug Monitoring Program’s website, www.pmp.dhp.virginia.gov/. Virginia’s governor said state police are also cooperating in the investigation. In a statement, the governor said that the breach of patient EMR data is a serious crime and is being treated as such. As of this writing, the website is still down.
FBI officials were made aware of the potential breach last week, when they were contacted by the Virginia Information Technologies Agency (VITA). Asked whether patient information is secure, the FBI official would not say, only that an incident had occurred. “I really can’t make a declarative statement as to whether anyone’s information is in jeopardy at this point,” the official said. Apparently, a message appeared on the front page of the program’s website from a hacker who claimed to have obtained the EMR information of the over 8 million patients in the system and who would sell the data to the highest bidder if the state did not pay him or them 10 million dollars.
Sandra Whitley Ryals, director of the Virginia Department of Health Professions, which runs the program, confirmed that a criminal investigation is underway into the potential security breach, which occurred on April 30. Since the unauthorized message was posted, the department has been working “very closely and cooperatively with federal and state law enforcement to resolve the situation.” “The entire DHP system has been shut down since [April 30th] to protect the security of the program data,” Ryals said in a statement released to the press.
A spokesperson for the Virginia Department of Health, which uses different software than the Prescription Monitoring Program, said that the Monitoring Program’s website is now secure, but that “something did happen.” The records that were allegedly stolen do contain social security numbers and other information valuable to identity thieves.
Michael Fitzpatrick, president and CEO of the NCX Group, a Newport Beach, Calif.-based computer-security consulting group, commenting on the incident, said that many government agencies just do not have the budgets to take the best security measures to prevent sophisticated attacks by hackers.
{ 3 Comments }
EMR implementations follow the 80/20 rule; that is, 80% of the work of implementation must be spent on issues of change management, while only 20% is spent on technical issues related to the technology itself. There are, however, several successful examples of EMR implementations in large hospitals.
An electronic medical record (EMR) is a medical record in digital format. Many people define an EMR as just the physician interface. Stimulus package (HITECH) aims at incenting more physicians to adopt EMR. Interoperability can also refer to legal interoperability, i.e. the regulatory issues of cross-border EMR implementations. In the United States, the development of standards for EMR interoperability is at the forefront of the national health care agenda.
Even in my industry (teaching sign language to medical staff) it has become necessary to secure the people I work with. Just cannot take security of client records too lightly. It is a shame this happened.
Sunny Ayala
South Carolina