Decatur County General Hospital in Tennessee just announced the discovery of cryptomining software on a server that hosts its electronic medical records (EMR) system. Cryptomining – using the processing power of a device to mine cryptocurrency – is growing at such a rate that experts are speculating it may supplant ransomware as the most widespread form of digital crime in 2018.

Security Incident Details

Decatur began informing 24,000 patients of the attack on January 26. In a statement posted on its website, the hospital provided the following details:

  • Decatur’s EMR system vendor notified the hospital on November 27, 2017 of the unauthorized software on the server. The unauthorized software was installed to generate digital currency, and the server is supported by the unnamed vendor.
  • The hospital believes an unauthorized individual remotely accessed the server where the EMR system stores patient information to install the unauthorized software.
  • The presence of the cryptomining software dates back to at least September 22, 2017. The vendor replaced the server four days later.
  • The hospital has no evidence that patient information (including names, addresses, Social Security numbers, diagnosis information) was actually acquired or viewed by the unauthorized individual.
  • Because the hospital can’t confirm whether the information was accessed, it is offering a 1-year subscription to a free online credit monitoring service.

Cryptomining Incidents on the Rise

Attackers make money by stealing someone’s computer processing power via code embedded in websites or software. The Decatur hospital incident is just the latest in a string of events that highlights the growth of cryptomining.

The Decatur hospital incident provides another reminder that security incidents can happen throughout the supply chain. In this case, the intrusion came through a system managed by the hospital’s software vendor. The incident also highlights why ongoing monitoring of network traffic and resource drains is necessary.