Glens Falls Hospital has revealed it was caught in a data breach that affected electronic health record vendor Oracle Health earlier this year.
According to Oracle Health, in January of this year, an unauthorized third party gained access to the Cerner electronic medical record, which contained protected health information for Glens Falls Hospital patients, along with patients at other hospitals across the country.
Glens Falls Hospital in New York no longer uses Oracle Health/Cerner as its EHR vendor as of November 2024. The data security incident did not involve Glens Falls Hospital's computer systems or current electronic health records platform, the hospital said.
Still, out of caution, Glens Falls Hospital has been working with Oracle to coordinate notice to patients. The two organizations are also jointly working to provide 24 months of complimentary credit monitoring and identity protection services to involved patients.
WHAT'S THE IMPACT
When Oracle Health learned about the incident, it initiated its incident-response process, and after taking steps to secure impacted systems, began an investigation in conjunction with federal law enforcement and external cybersecurity specialists.
In June, Oracle provided Glens Falls Hospital with a list of patients whose information may have been accessed. Oracle indicated that the files may have included patients' names, Social Security numbers, and information included within patient medical records, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment.
Oracle advised potentially impacted patients to regularly monitor credit reports, account statements and benefit statements. If they detect any suspicious activity, they should notify the entity with which the account is maintained and promptly report any fraudulent activity to proper law enforcement authorities, including the police and their state attorney general.
THE LARGER TREND
A surge in cyberattacks, particularly in 2023, contributed to a steep rise in cyberattack costs for healthcare organizations last year, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks, according to a KnowBe4 report.
Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.
Phishing and social engineering tactics are the primary methods used to initiate the majority of cyberattacks, with estimates suggesting that 79% to 91% of attacks begin this way.
The report noted employees in large healthcare organizations have a 51.4% likelihood of falling victim to phishing emails, giving cybercriminals a better-than-even chance of successfully breaching these institutions.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.