Third Party Vendor breach allowed Virus into CHI Health
Who: CHI Health
When it happened: February 13-14, 2019
How it happened: A device brought in by a third-party vendor introduced a virus, also known as malware, into the health system’s network. The virus affected some hospitals and clinics within the healthcare system Tuesday and Wednesday but that it did not result in an external breach or hack of patient information or disrupt patient care. The virus did not affect medical devices. Instead, it affected browsers used to connect with the health system’s network internally.
Outcome: That required the health system to shut down some devices used to access medical records — specifically, portable ones — until teams can check them and make sure that they’re not infected.