Third Party Vendor breach allowed Virus into CHI Health

2019, Breaches, February

Who: CHI Health

When it happened: February 13-14, 2019

How it happened: A device brought in by a third-party vendor introduced a virus, also known as malware, into the health system’s network. The virus affected some hospitals and clinics within the healthcare system Tuesday and Wednesday but that it did not result in an external breach or hack of patient information or disrupt patient care. The virus did not affect medical devices. Instead, it affected browsers used to connect with the health system’s network internally.

Outcome: That required the health system to shut down some devices used to access medical records — specifically, portable ones — until teams can check them and make sure that they’re not infected.