Illinois hospital blackmailed over patient data

First it was data breaches, sometimes from cybercriminals and sometimes employee error, but now it’s blackmail. CIO, by way of IDG News Service, reports that Clay County Hospital in Illinois says someone attempted to blackmail the facility to release information on certain patients. The hospital, a mid-sized chain, “received an anonymous email on Nov. 2 […]

First it was data breaches, sometimes from cybercriminals and sometimes employee error, but now it’s blackmail.

CIO, by way of IDG News Service, reports that Clay County Hospital in Illinois says someone attempted to blackmail the facility to release information on certain patients.

The hospital, a mid-sized chain, “received an anonymous email on Nov. 2 that asked for ‘a substantial payment’ to avoid patient data being released,” CIO reports. “The email included ‘protected health information.”

Clay County Hospital said it immediately reported the incident to authorities. Hospital officials told the news service that patients who visited the hospital on or before February 2012 had information released, including names, addresses, Social Security numbers and dates of birth. No medical information was revealed, the hospital said, adding that it believes the information has not yet been released.

The hospital declined to reveal exactly how many patients were affected by the blackmail. It added that its systems were not hacked.

Healthcare data breaches are increasingly – and disturbingly – common these days, but blackmail seems pretty rare and it’s seemingly yet another minefield for hospitals to navigate.

The annual cost of health data breaches could reach up to $5.6 billion next year, according to a recent report from Experian.

Topics