New Mexico hospital tells patients to monitor bank statements after malware infection

Patients of Roosevelt General Hospital in Portales, New Mexico are told to monitor their credit reports after the healthcare unit discovered malware on a digital imaging server used in radiology that contained patient information.

Although it’s unclear if any patient data was compromised in the hack, RGH is alerting potentially affected patients and offering assistance in monitoring their information, local news outlet The Roosevelt Review reports.

Information contained on the server included names, addresses, date of birth, driver’s licenses numbers, Social Security numbers, phone numbers, insurance information, medical information and gender, the hospital said in its advisory. In other words, enough personally identifiable data to allow buyers on the dark web to conduct fraud.

RGH says its IT staff “secured and restored” the server and patient information as soon as the breach was identified, suggesting the infection may have damaged the data – i.e. a ransomware contagion.

The hospital has also performed an evaluation of server vulnerabilities while all other risks have been mitigated, according to the local news site.

RGH Marketing and Public Relations Director Jeanette Orrantia advises patients who receive a notice to monitor their credit reports.

“With security events such as this one, time was taken to thoroughly investigate what occurred and identify individuals who have been affected. Since then, the server has been secured and patient information has been restored. Health and Human Services was notified within the 60-day reporting timeframe,” said Orrantia.

RGH CEO Kaye Green added, “Although we are continuing our investigation, there is no evidence at this time that any patient data has been wrongfully used. The malware identified on the radiology server was contained and terminated immediately upon detection. This breach did not affect our electronic health record system or billing system.”

If you are among the affected RGH customers, be sure to follow your bank statements for any suspicious activity in the coming months and don’t hesitate to apply for any credit card monitoring service offered to you by the hospital. Fraudsters value patient records tremendously and use that information to craft sophisticated social engineering schemes to hack your finances or open up a new bank account in your name.