Privacy & Security

Surgery center says 34,000 patient records potentially breached

St. Mark’s Surgery Center discovered the virus on May 8, which affected certain patient files on the Florida provider’s server.
By Jessica Davis
August 24, 2017
03:44 PM

St. Mark’s Surgery Center was hit by a ransomware attack that may have impacted the personal health information of 33,877 patients.

The Florida provider discovered a ransomware attack on May 8, although the attack occurred from April 13 until April 17. The installed virus prevented patient data from being accessed during that time.

The impacted servers contained patient names, dates of birth, Social Security numbers and medical information.

[Join Your Peers at HIMSS’ Healthcare Security Forum! Register Today]

St. Mark’s contact a third-party cybersecurity firm to help the provider remove the ransomware and perform a forensic investigation. The firm confirmed to St. Mark’s that the malware was entirely removed and any continued access was blocked.

While the investigation didn’t uncover whether the health information was stolen or viewed, the possibility could not be ruled out with necessary certainty.

[Also: The biggest healthcare breaches of 2017 (so far)]

The U.S. Department of Health and Human Services’ Office of Civil Rights requires healthcare organizations to report ransomware attacks as a breach, unless the provider can explicitly show the hacker couldn’t access patient data.

St. Mark’s is following OCR guidance and reporting the ransomware attack to its patients.

The provider has also incorporated security improvements such as a better firewall, upgrading all systems with the latest antivirus software and improving its best practice patch management policies.

St. Mark’s has also implemented unified threat management services and installed a new backup and disaster recovery system -- the system performs hourly backups that are stored offsite.

It’s important to note that although St. Mark’s correctly notified OCR and patients of the breach, it failed to meet the 60-day reporting requirement -- a violation of HIPAA rules. Earlier this year, Presence Health was fined by OCR for $475,000, due to a one-month delay in issuing breach notifications.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Privacy & Security

More regional news

Nurses huddled together look at electronic health records on a tablet.

Epic and Marquette collaborate on EHR training for nursing students

By
Andrea Fox
October 31, 2023
HHS headquarters in Washington

New information blocking rules from HHS could cost noncompliant providers thousands

By
Mike Miliard
October 31, 2023
Physician using multiple EHRs and IT systems

Clinician EHR struggles compromise patient care, study shows

By
Nathan Eddy
October 31, 2023
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

HHS headquarters in Washington
New information blocking rules from HHS could cost noncompliant providers thousands

Most Read

Guardrails, data governance key to solid generative AI outcomes
AHA security leader sees 'AI-fueled cyber arms race'
Multiple data access deals signed in Korea for digital health research
FBI dismantles Qakbot malware targeting hospitals
Boards are grasping cyber threats, but CISOs still feel underprepared
Is your hospital ready for 3-4 weeks of downtime?

Research

White Papers

More Whitepapers

Artificial Intelligence
Analytics
Precision Medicine

Webinars

More Webinars

Analytics
Analytics
Privacy & Security

Video

Elise Kohl-Grant, cochair of the programming committee at the HIMSS New York State Chapter
New York State Chapter of HIMSS focuses on health equity
Dr. Michael Poku, chief clinical officer at Equality Health
Addressing health equity's cost curve
Dr. Michael Pfeffer at Stanford Health Care_Photo: Doctor using tablet by Sean Anthony Eddy/E+/Getty Images
CIO Spotlight: Dr. Michael Pfeffer of Stanford Health Care
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link

More Stories

A pharmacist doing an inventory using a digital tablet.
There is no escaping making investments in cybersecurity...
group of healthcare workers talking over hospital bed
Modernizing clinical placement to accelerate clinician training and recruitment
A male doctor sits with another man and they are looking at SDOH data on a mobile device.
Tufts Medical Center to pilot nutrition screening in EHR
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link
Yale New Haven Health
Yale New Haven radiologists boost CT scan reviews with AI
Dubai Health Authority
The current state of Dubai’s healthcare digital transformation journey
Leah Dewey, VP of clinical and consumer engagement operations at Cotiviti.
Payers have a part to play in addressing health disparities
Christie Teigland, vice president of research science and advanced analytics at Inovalon.
Medicare Advantage plans' star ratings to be affected by Health Equity Index