Last week, the FBI put health care providers on notice: they’re simply not ready for attacks that could bilk their employees’ or patients’ digital records.
This morning, (infamous) information security blogger Brian Krebs (@BrianKrebs) posted a case study in just how one hospital was breached — targeted by a tax fraud gang.
Steve Mordecai, director of human resources at Griffin Hospital, confirmed that a security breach at his organization had exposed the personal and tax data on “a limited number of employees for Griffin Health Services Corp. and Griffin Hospital.” Mordecai said the attackers obtained the information after stealing the organization’s credentials at a third-party payroll and HR management provider called UltiPro.
Mordecai said that the bad guys only managed to steal data on roughly four percent of the organization’s employees, but he declined to say how many employees the healthcare system currently has. An annual report (PDF) from 2009 states that Griffin Hospital alone had more than 1,384 employees.
According to information in their Web-based control panel, the attackers responsible for hacking into Griffin also may have infiltrated an organization called Medical Career Center Inc., but that could not be independently confirmed.
This crime gang also appears to have targeted senior living facilities, including SL Bella Terra LLC, a subsidiary of Chicago-based Senior Lifestyle Corp, an assisted living firm that operates in seven states. Senior Living did not return calls seeking comment.
In addition, the attackers hit Swan Home Health LLC in Menomonee Falls, Wisc., a company that recently changed its name to Enlivant. Monica Lang, vice president of communications for Enlivant, said Swan Home Health is a subsidiary of Chicago-based Assisted Living Concepts Inc., an organization that owns and operates roughly 200 assisted living facilities in 20 states.
This is just the latest in a long list of cyber snafus at hospitals.
Earlier this month, the Boston Globe reported that Boston Children’s Hospital has been under repeated assaults from Anonymous. And, this time last year, Krebs reported that a Washington state hospital was hit by hackers for more than $1 million.