Hospital Hit with Cryptocurrency Mining Malware

Share this…

Decatur County General Hospital in Parsons, Tennessee, is notifying more than 20,000 individuals that their health information was potentially compromised by an incident last year involving cryptocurrency mining software discovered on an electronic medical records server.


The hospital says that on Nov. 27, 2017, it received an information security incident report from its EMR system vendor, indicating that unauthorized software had been installed on the server the vendor supports on the hospital’s behalf.

“We believe an unauthorized individual remotely accessed the server where the EMR system stores patient information to install the illegal software. The software was installed on Sept. 22, 2017, or earlier, and the EMR vendor replaced the server and operating about four days later” according to the hospital staff

The hospital’s statement did not offer an explanation about why the EMR vendor apparently took more than two months to notify the hospital about the cryptocurrency mining discovery.

The Decatur County General Hospital breach is listed on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website as a “hacking/IT incident” impacting 24,000 individuals and involving a network server. The HHS website, commonly called the “wall of shame”, lists health data breaches impacting 500 or more individuals.

 Information security  experts  for International institute of cyber security contends that ransomware is still likely a bigger threat to healthcare entities because of the potential disruptions to care delivery as well as possible privacy breaches ransomware poses. Another concern is the kinetic expression of an information security attack. For example, there could be a fire due to a huge demand on a computer, which could destroy one system, many systems, or risk human life

The hospital is offering one year of free credit monitoring to affected individuals.