cyber Breach

Decatur County General Hospital

May 6, 2023 1 min read
Decatur County General Hospital

An unauthorized software had been installed on the server the vendor supports on their behalf.

The unauthorized software was installed to generate cryptocurrency.

Information compromised included demographic information such as patient names, addresses, dates of birth, and Social Security numbers.

It also included clinical information such as diagnosis and treatment information, and other information such as insurance billing information.

In response to the incident, DCGH offered the patients an online credit monitoring service for one year.

Source: https://www.databreaches.net/tennessee-hospital-notifies-24000-patients-after-emr-system-attacked-with-cryptocurrency-mining-software/

TPRM report: https://scoringcyber.rankiteo.com/company/decatur-county-general-hospital

"id": "dec11367622",
"linkid": "decatur-county-general-hospital",
"type": "Breach",
"date": "02/2018",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'District of Columbia',
                        'name': 'District of Columbia Government Health',
                        'type': 'Government'}],
 'attack_vector': 'Unauthorized Software Installation',
 'data_breach': {'personally_identifiable_information': ['Patient Names',
                                                         'Addresses',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Demographic Information',
                                              'Clinical Information',
                                              'Insurance Billing Information']},
 'description': 'An unauthorized software was installed on the server the '
                'vendor supports on their behalf to generate cryptocurrency. '
                'Information compromised included demographic information such '
                'as patient names, addresses, dates of birth, and Social '
                'Security numbers. It also included clinical information such '
                'as diagnosis and treatment information, and other information '
                'such as insurance billing information.',
 'impact': {'data_compromised': ['Demographic Information',
                                 'Clinical Information',
                                 'Insurance Billing Information'],
            'identity_theft_risk': 'High',
            'systems_affected': ['Server']},
 'motivation': 'Financial Gain (Cryptocurrency Mining)',
 'response': {'communication_strategy': 'Offered patients an online credit '
                                        'monitoring service for one year'},
 'title': 'Unauthorized Cryptocurrency Mining Software Installation',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized Access'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.