A cyber attack on the database of Boys Town National Research Hospital in Omaha, Nebraska is said to have potentially compromised more than 105,309 patient medical records in May this year. After investigating the crisis, a spokesperson from Boys Town Healthcare chose to update the cyber incident to the press on Thursday this week.
As per the sources reporting to our Cybersecurity Insiders, it’s said that the hackers gained access to the database after sending a phishing email to one of the employees in the organization which eventually led to the hack.
All the 105,309 individuals have been informed about the hack on a digital note and notified to them in the email that info such as date of births, social security numbers, diagnosis analysis, treatment details, Medicare and Medicaid identifies, medical record numbers, billing and claims info, health insurance data, disability codes, birth and marriage certificates submitted after 2015, passport numbers, bank account numbers, website access credentials, driving license numbers, and employment identity codes were identified to have been exposed in the forensic investigation.
Why the healthcare organization chose to disclose the incident to the media this month happens to be a mystery.
In another incident of the same genre, Missouri based Blue Springs Family Care is said to have become a victim of a cyber attack where hackers have been reported to have accessed more than 44,997 patient medical records.
The hack started as a ransomware attack on an initial note and when the hospital authorities failed to pay the ransom, the hackers decided to dump the accessed data onto the dark web.
In this case, also, the attack took place on May 12, 2018, and the incident came into the light now after an investigation was carried out by a third party vendor.
Some sources reporting to Cybersecurity Insiders say that the perpetration of the database took place in Feb this year where hackers succeeded in installing a variety of malware onto the server. And the incident was only identified when the installed malware started to accept access commands from remote servers from early May this year.
The impacted data includes social security numbers, account numbers, driving license details, disability codes, medical diagnosis, addresses and dates of births.
Note- If all the data could be combined, then hackers could easily carve out a profile of a victim which can lead to a medical fraud.