The Boise, Idaho-based hospital is investigating a potential data breach, following threat actors claiming to have sensitive hospital information.
What happened
Weiser Memorial Hospital (WMH) recently posted a notice on its Facebook page stating that it may have been a victim of a data breach.
WMH is a critical-access, non-profit hospital offering 24-hour emergency care and a range of specialty and surgical clinics.
On October 2nd, the hospital took to Facebook to share information about a possible cybersecurity incident. WMH said that upon learning about the incident, they quickly “took action to secure our environment and launched an investigation to better understand what information was potentially impacted.”
The hospital continues to investigate the incident and cannot currently confirm the validity of the attack or what information may have been accessed.
Going deeper
According to WMH’s post, a cyber threat group has taken responsibility for the attack and is claiming to have hospital data.
The hospital system first hinted at trouble on September 5th, when the organization posted to Facebook that they were experiencing network issues. At the time, WMH said their computer systems were down but patients were still being seen.
Computer difficulties continued through mid-September and on September 17th, WMH also experienced a phone outage that may have been unrelated.
What’s next
It’s unclear which cyber threat organization claimed the attack, but it’s common for cybercriminals to claim to have information even if they don’t. Threat groups frequently use fearmongering tactics to encourage hospitals to pay ransoms. WMH says they are currently “researching these claims, determining if they are factual, and the possible scope of potentially affected data.”
In their statement, WMH emphasized that data protection is their top priority. “We are committed to continuously improving our cybersecurity controls and will be evaluating security enhancements that can be implemented to reduce the likelihood of a similar incident reoccurring.”
The big picture
Data breaches, or even just the possibility of them, can be frustrating for hospitals and patients alike. One individual expressed frustration over the news and WMH has asked for patience as they evaluate the situation.
Even if data was not stolen, investigations into potential incidents can be costly and harmful to an organization’s reputation. In this instance, the situation was more damaging because it impacted computer systems for nearly a month.
If a breach occured, WMH will join many hospitals that have been victimized this year. With increasing breaches, hospitals are facing lawsuits and penalties for failing to secure data. Even the threat of a breach is enough to cause damage to a facility and prevent regular operations.
Read more: HIPAA Compliant Email: The Definitive Guide