Fred Hutch Cancer Center clinical network breached

Health
By Liam

The Fred Hutchinson Cancer Center, an independent organization that also serves as the cancer program for the University of Washington School of Medicine, said Friday it was still assessing the potential impact on patients and employees.

WHY IT MATTERS

According to the Fred Hutch Cancer Center website, a criminal group outside the United States is responsible for the unauthorized activity on the clinical network discovered on November 19.

The center's Epic electronic medical records, as well as UW Medicine's network, do not appear to have been affected, but the investigation by federal law enforcement is ongoing.

The parts of the clinical network breached by the unauthorized users may contain patient information, but it could take weeks to find out, said Christina VerHeul, the organization's vice president of communications. The Seattle Times.

“The reality is that we do not know to what extent information has been obtained, nor what details that information is,” VerHeul said.

We have reached out to Fred Hutch's media team for updated information on the data security incident in addition to the center's press statement and will update the news as details become available.

THE BIG TREND

Last year, the Fred Hutchinson Cancer Research Center merged with the Seattle Cancer Care Alliance to become the Fred Hutchinson Cancer Center.

While Fred Hutch's precision oncology research system is unlikely to be affected by the attack, merging healthcare networks could pose a cybersecurity challenge. While combining legacy systems and siled data can boost interoperability, it can increase cybersecurity risks.

When CommonSpirit Health, which was formed when Dignity Health and Catholic Health Initiatives merged in 2019, suffered a ransomware attack in October, the breach not only took electronic health record systems offline and shut down medical operations in several states for nearly two weeks. disrupted, but also affected Virginia. Mason Franciscan Health. VMFH merged with CHI Franciscan, owned by CommonSpirit, in 2021.

That year, cancer software provider Elekta was also attacked, exposing the protected health information of cancer patients and knocking some cancer treatments offline at Intermountain Health and other health care systems that use the software.

Exfiltrating high-profile or sensitive patient data can itself be a primary target for some cybercriminals.

Earlier this year, an unauthorized user hacked and stole sensitive photos of nearly 3,000 patients from the Lehigh Valley Health Network in Pennsylvania, demanding $5 million and eventually exposing those photos on the dark web.

Cybercriminals are increasingly preying on individual patients, said Dr. Eric Liederman, director of medical informatics at Permanente Medical Group. Some patients know they could be the target of a data breach among their healthcare providers and are therefore reluctant to share health information, he said at the HIMSS Cybersecurity Forum in September.

ON THE RECORD

“Fred Hutch is committed to the safety, well-being and protection of patient and employee information and is continually updating and improving systems to prevent outside parties from gaining access to information,” the organization said in a news release. “We have implemented additional defensive tools and increased monitoring to further protect data.”

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

You might also like More from author