A Tennessee hospital discovered cryptomining software installed on a server that hosts its electronic medical records (EMR) system.
In January 2018, Decatur County General Hospital began notifying patients of a incident involving its electronic medical record systems. Its breach notification letter (PDF) reveals the hospital first learned about the security event from its EMR vendor:
On November 27, 2017, we received a security incident report from our EMR system vendor indicating that unauthorized software had been installed on the server the vendor supports on our behalf. The unauthorized software was installed to generate digital currency, more commonly known as “cryptocurrency.”
Decatur County General Hospital subsequently launched its own investigation into the incident. So far, it’s determined that a remote actor likely accessed the server on which its EMR system stores patients information including their names, addresses, dates of birth, Social Security Numbers, insurance details, and medical treatment records. It’s also found that the cryptomining software had been active since at least 22 September 2017.
The hospital’s EMR vendor replaced the server and operating system four days after discovery.
At this time, Decatur County General Hospital cannot confirm whether the individual responsible for the breach accessed patients’ information stored on the server. It tells patients as much:
Again, while our investigation continues into this matter, we have no evidence that your information was actually acquired or viewed by an unauthorized individual, and based upon reports of similar incidents, we do not believe that your health information was targeted by any unauthorized individual installing the software on the server. Our investigation to date, however, has been unable to reasonably verify that there was not unauthorized access of your information.
Cryptomining emerged as a salient threat in 2017. Tools responsible for generating (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/cryptomining-software-discovered-on-tennessee-hospitals-emr-server/