Documents posted to a file-sharing website could have been used to steal medical record and credit card information from three nursing homes in New York state, according to a Tuesday report in the Wall Street Journal.
Cybersecurity experts found the documents on the website 4shared.com, the Journal reported. The site is well-known as a place where hackers post stolen files and data.
The materials were extensive, according to the WSJ. A document taken from Campbell Hall Rehabilitation Center included information such as the Internet addresses of wireless access points for 11 rooms, “precise” facility blueprints, and passwords for network access, the report stated.
However, no confidential health information of its residents was compromised, and the facility took immediate precautions — such as changing passwords — upon learning of the breach last week, Administrator Cathy Rauschendorfer told McKnight’s.*
The other involved facilities — Glengariff Health Care Center and the Bronx Center for Rehabilitation & Healthcare — also had taken steps so that the stolen documents did not pose serious security risks, according to the WSJ. There have been no reports of identity theft or other crimes related to the breaches.
All the facilities were using SigmaCare software from eHealth Solutions Inc. Because personal health information is encrypted, cyber criminals using the posted information still would not have been able to access that type of data, an eHealth executive told the Journal.
The newspaper also spoke with computer security experts, who said that the increasing use of Internet-connected medical devices, such as dialysis machines, has heightened the risk of these types of incidents.
*Editor’s Note: This article was updated to reflect information provided by Campbell Hall to McKnight’s as of the afternoon of Wednesday, Feb. 19.