by Laurie M. Johnson, MS, RHIA | Monday, 22 February 2016
On Feb. 5, Hollywood Presbyterian Medical Center experienced an electronic health record (EHR) outage that began due to ransomware. This type of malware had shut down the hospital’s internal computer system and communication devices, with only a software “key” capable of reopening the internal data files. The hospital has reported that patient care was not compromised at any time or in any way. Hollywood Presbyterian returned to paper registrations and documenting on paper forms throughout the incident. The emergency department and fax machines were some areas that were affected by the hacking, however.
The hospital released a statement on Feb. 17 noting that it had paid the ransom of 40 bitcoins, or approximately $17,000, in order to obtain the decryption key and return the operations to normal as soon as possible. Bitcoin is a type of digital currency that is difficult to trace. Operations were restored on Feb. 15.
Hollywood Presbyterian Medical Center notified law enforcement immediately, and the Federal Bureau of Investigation (FBI) is now involved with the case. Computer experts assisted the facility in getting their health information systems back online and in understanding the event. According to a memo released by the hospital’s president, Allen Stefanek, “we have no evidence at this time that any patient or employee information was subject to unauthorized access.”
This incident raises the importance of backup systems, redundancy, security, and information governance. Could a hacker invade an electronic health record and impact patient care? Could a hospital be shut down permanently? How do security measures need to change in order to keep our health information safe?
February is Information Governance Month. You may wonder, “what is information governance?” This American Health Information Management Association (AHIMA) initiative is focused on protecting and maintaining high quality of data and integrity of all types of data. As we have learned in recent years, data is very important in the healthcare industry to providing high quality of care, a safe environment, and cost-effective treatment. Information is an asset to any organization that must be kept safe and secure. We need information governance so that we can extract clinical and business information and optimize its usefulness.
Health information management (HIM) professionals have always understood the importance of data security and consistent data. As healthcare delivery becomes more electronic in nature, the need for security and management will become heightened.
This cyberattack highlights the need to remain diligent in our security practices to protect the most personal of information – our health records.
About the Author
Laurie Johnson, MS, RHIA, FAHIMA is the director of health information management (HIM) consulting services for Panacea Health Solutions Inc. She has conducted ICD-10 education sessions and documentation reviews for multiple organizations. Prior to working for Panacea, Laurie worked for Peak Health Solutions and Optum.
No comments:
Post a Comment