Moving Your Business Opens New Doors for Hackers
By: Jim Stickley and Tina Davis
July 20, 2019
Last year, SSM Health St. Mary’s Hospital in Jefferson City, MO informed patients their PHI (Protected Health Information) may have been compromised. The hospital moved its location to Jefferson City four years earlier and subsequently discovered over 300,000 of its patients’ PHI were at risk as a result. The hospital discovered that during the move, countless documents full of PHI had been left behind in the old location. During the move the hospital transferred other medical records that were secured during the entire move. Those records were fine, it was those they forgot about that had no protection at all. Most patients had only their names and medical account numbers left behind. Still others had financial, clinical data, and demographic PHI exposed.
Accidental exposure of PHI is rampant in the healthcare industry. Even though St. Mary’s was a leave-behind incident, other PHI is easily stolen in many ways – none of them intentional. According to a study by Protenus “Breach Barometer 2017,” insider-error affected 785,281 patient records. Hospitals are a favorite target for hackers and employees inadvertently help them achieve their goal. Email phishing is very effective at getting employees to open messages and click on malware-laced attachments. Once that happens, hospital data systems can be frozen and held for ransom. Hackers know that lives may very well be at risk, and as a result, hospitals are more likely to pay the ransom.
In 2017, the infamous WannaCry ransomware attack left medical care providers around the globe frozen in their tracks, unable to serve their patients.
Although the St. Mary’s Hospital case was caused accidentally, any business changing location is vulnerable to the same inadvertent problems. Relocating is never easy and moving entire data systems is a crucial part of those moves. Should a budget allow, there are businesses who specialize in moving data, from pulling the plug to careful installation in the new location.
Regardless if you can hire the service or not, impeccable planning is needed. Try starting with the following to get moving:
- Create a data system moving list. It’s always important so you don’t forget something critical.
- Take inventory of entire systems and make a checklist before and after moving help guarantee that all data is moved from the old location and that all the data arrives in the new space.
- Be organized! Organization is key to sleeping well at night after a move, knowing all your data systems are exactly where they’re supposed to be.