Stolen ePHI Crippling Healthcare Practices Around the World
In the past few days, I’ve been following a hot topic at a public technology forum focused on IT security. As an IT professional, I need to emphasize the risks of connecting unsecured devices to your network. A USB flash drive is a perfect example. When possible, avoid USB flash drives like the plague. One exception to this rule is if the drive is encrypted and authorized by your practice in its IT Usage Policy.
It’s very alarming how medical practices are becoming the prime target for attackers. As a result, stolen ePHI crippling healthcare practices around the world is becoming a real problem.
The American Dental Association (ADA) Example
Every year, new medical coding books are released to dental practices. These books are used to ensure the practices are following insurance claim guidelines. In this example, the American Dental Association (ADA) had shipped out its coding books with an attached USB drive that contains the book in an electronic format.
When the recipients analyzed the included USB drives, they discovered malware hidden in the code. They also determined the malicious code activates by just inserting the drive into a computer. It’s unclear what the malware code does. However, these drives could download malicious software to the target machine. As a result, this allows cyber criminals access to sensitive ePHI data.
The ADA’s Response
The ADA wasn’t aware of the malicious code at first. However, when infection reports started flooding in, the ADA released the following statement:
“We have received a handful of reports of detected malware on some flash drives. These were included with the 2016 CDT manual. The “flash drive” is the credit card sized USB storage device that contains an electronic copy of the manual. Located in a pocket on the inside back cover of the manual. Your anti-virus software should detect the malware if it is present. However, if you haven’t used your CDT 2016 flash drive, please throw it away.
Many of the flash drives do not contain the Malware. If you have already used your flash drive and it worked as expected (it displayed a menu linking to chapters of the 2016 CDT manual), you may continue using it.
We apologize if this issue has caused you any inconvenience. Thank you for being a valued ADA customer.”
In Summary
Be on the lookout if your medical practice receives books, software or hardware that includes a USB drive. If you come across one, immediately scan it with antivirus software to verify the legitimacy, then proceed with caution. Contact your Managed IT Services Provider immediately if you suspect you have an infected USB drive. Together, we can prevent stolen ePHI from crippling your healthcare practice.
About Innovative Computer Systems
Innovative Computer Systems is a Managed Services Provider specializing in Healthcare Information Technology (HIT) and Corporate Business Technology. We work closely with our clients to understand their daily workflow requirements. Some of our clients include leaders in Ophthalmology, Facility Maintenance, Pediatrics, Law, Urology, Dermatology, Commercial Real Estate, Internal Medicine and Ambulatory Surgery.