On November 27, 2017, we received a security incident report from our EMR system vendor indicating that unauthorized software had been installed on the server the vendor supports on our behalf. The unauthorized software was installed to generate digital currency, more commonly known as “cryptocurrency.”
Again, while our investigation continues into this matter, we have no evidence that your information was actually acquired or viewed by an unauthorized individual, and based upon reports of similar incidents, we do not believe that your health information was targeted by any unauthorized individual installing the software on the server. Our investigation to date, however, has been unable to reasonably verify that there was not unauthorized access of your information.Cryptomining emerged as a salient threat in 2017. Tools responsible for generating new units of cryptocurrency preyed upon 1.65 million users over the first eight months of the year. Since then, researchers have discovered a single Monero mining campaign that victimized 15 million users in the fall of 2017. Such findings have led some security experts to wonder whether cryptomining will supplant ransomware as the most widespread form of digital crime in 2018. Given that possibility, it's important that hospitals and other healthcare organizations maintain the security and integrity of their EMR systems. They can find guidance for that objective here. To learn more about how Tripwire can protect your healthcare organization against digital threats, click here.