A recent ransomware attack on Emory Healthcare in Atlanta, Georgia, brings to light a new HIPAA compliance issue.

On December 30, 2016, Chris Vickery of the MacKeeper Security Research Center discovered a misconfigured MongoDB database, reachable from the internet with no authentication required, containing the protected health information (PHI) of more than 200,000 patients. On January 3, 2017, Vickery confirmed that the database had been wiped and replaced with a ransom note signed "Harak1r1", the handle used by the attacker. The information included patient names, addresses, email addresses, birthdates, and medical record numbers.

This is a new development. Previous ransomware attacks encrypted the data in place and demanded a ransom for the decryption key, so the covered entity could at least confirm that its data still existed. In this attack the contents of the database were deleted outright and a ransom was demanded for their return. There is no guarantee that the attacker copied the data before deleting it, which makes paying the ransom an even worse bet: the covered entity may pay and still never get the PHI back.

Harak1r1 specifically targets MongoDB databases that are exposed to the internet with no authentication enabled. MongoDB does not require authentication unless it is explicitly turned on, and releases before 3.6 listened on all network interfaces unless the configuration file said otherwise, so an instance installed with defaults on a server with a public address was open to anyone. The attacks appear to have started around December 21, 2016, so this is a new threat. If you are not familiar with MongoDB, ask your IT director whether your organization runs it, whether any instance is reachable from outside your network, and whether authentication is enabled. Or get in touch with a cybersecurity organization, like MainNerve, to set up penetration testing and social engineering assessments to help protect your organization from these types of attacks.
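To make the misconfiguration concrete, here is an added example (not taken from Emory, MacKeeper, or the original post) of the two settings in a `mongod.conf` file, in the YAML format MongoDB has used since version 2.6, that decide whether an instance is open to this attack. The first document is the weak configuration, the second the hardened one. The private address `10.0.0.5` is an assumed application-server address, not a real one.

```yaml
# Weak configuration (assumed example): mongod accepts connections on every
# network interface, and anyone who can reach port 27017 can read, drop,
# and replace every database without logging in.
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  authorization: disabled
---
# Hardened configuration (assumed example): mongod listens only on localhost
# and on the private interface the application server uses (10.0.0.5 is a
# placeholder), and every client must authenticate before it can touch data.
net:
  bindIp: 127.0.0.1,10.0.0.5
  port: 27017
security:
  authorization: enabled
```

Turning on `authorization` does not by itself create any accounts. Before restarting with the hardened file, connect locally and create an administrative user with `db.createUser()` in the `admin` database; otherwise the only way in afterwards is the localhost exception. Independently of the configuration, confirm from outside your network that port 27017 is not reachable, and block it at the firewall so that a future configuration mistake cannot expose the data again.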

What does this have to do with HIPAA compliance?

The HIPAA Security Rule requires that covered entities ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). An attack like this one makes the ePHI unavailable, destroys its integrity, and, because the database was readable by anyone on the internet before it was wiped, puts its confidentiality at risk as well. Under the ransomware guidance the HHS Office for Civil Rights issued in 2016, an incident like this is presumed to be a reportable breach unless the covered entity can demonstrate a low probability that the PHI was compromised. Covered entities need to be aware of this.

So far, Emory Healthcare does not appear to have issued a public statement. They may have been asked by law enforcement to say nothing until the investigation is complete. Until the health care community knows more, covered entities should take steps now to make sure they are not the next victim: inventory every database that holds ePHI, confirm that none of them can be reached from the internet without authentication, and verify that backups exist and can actually be restored.

To learn more about ransomware, use our HIPAA compliance tools and sign up for HIPAAgps today!