Medical Imaging Patients Exposed in Cyber Incident
Unauthorized actors accessed patient information, including exam and procedure details, scans, and Social Security numbers.
Right before Thanksgiving, East River Medical Imaging (ERMI) began sending letters to impacted individuals concerning a data security incident that it experienced.
On Sept. 20, ERMI detected suspicious activity occurring in its IT network and initiated its incident response process, launching an investigation alongside third-party cybersecurity experts and law enforcement.
ERMI determined that the threat actors accessed its network between Aug. 31 and Sept. 20, gaining access to documents in the system and potentially even copying some of them. The documents that were accessed vary depending on the individual, but included data like name, contact information, insurance information, Social Security number, exam and procedure details, imaging results, and physician information.
ERMI is offering complimentary credit monitoring services to those whose Social Security or driver's license numbers were part of the impacted data. It recommends that patients review their healthcare statements and contact their health insurer or the medical center immediately if they find that they have been charged for services they did not receive.
Mohammad Waqas, CTO of Healthcare for Armis, noted that more and more healthcare organizations are bringing their assets online, offering greater attack surfaces for threat actors.
"Healthcare organizations cannot afford to put off strengthening cybersecurity. On an average day, more than 55,000 physical and virtual assets are connected to organizational networks; yet an astounding 40% of these assets are left unmonitored — leaving critical, exploitable gaps," he said in an emailed statement.
"We have and will continue to take steps to enhance the security of our computer systems and the data we maintain. To help prevent something like this from happening again, we have enhanced our network monitoring capabilities, and will continue to assess and supplement our security controls going forward," the company said in a statement.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024