Ransomware Attack on CHI Health Affects 48,000 Lakeside Patients

A ransomware attack on CHI Health in Omaha, NE resulted in the potential compromise of around 48,000 patients’ protected health information (PHI). CHI Health is a 14-hospital health system.

CHI Health discovered the ransomware attack on August 1, 2019, which impacted an old electronic health record system. The health records of patients who got medical services at the Lakeside Orthopedic Clinic of CHI Health before April 2016 were contained in the EHR system.

Based on investigation reports, the attack resulted in the encryption of a database utilized by the electronic health record system. Though it is very likely that the attackers could have accessed or copied patient data, there is no evidence that data was accessed without authorization or exfiltrated. CHI Health did not receive any report of patient data misuse as well. The only motive behind the attack seems to be the extortion of money from CHI Health.

The following types of data were stored in the database: patient names, contact numbers, addresses, birth dates, Social Security numbers, diagnoses report, treatment data, and other medical data.

CHI Health sent breach notifications by mail to the affected persons and reported the breach to the Department of Health and Human Services’ Office for Civil Rights as well as to other proper authorities.

As a safety precaution, the provider offered all affected people a free subscription to credit monitoring and identity theft protection services for 12 months. CHI Health also took the required steps to avoid similar breaches from happening again in the future.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone