“I opened it up and I read this and just got furious. I don’t have words for it right now.” That is what one patient of UW Medicine and Haborview Medical Center told KomoNews.com in regards to receiving notice that her medical records had fallen victim to a malware attack.
Pursuant to the HIPAA Rules, patients must be notified if a breach occurs, which affects their medical records. The HIPAA Rules defines a breach as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.
Listen to the video to learn more about HIPAA breach notification requirements:
The reported malware attack occurred when an UW Medicine and Haborview Medical Center employee opened an email attachment that contained a malware. The malware took over the employee’s computer that contained patient information including patients’ names, dates of birth, home address, phone numbers, dates of service, medical records numbers and social security numbers. The reported breach affected 90,000 patient records.
Microsoft’s Safety & Security Center defines malware as “any kind of unwanted software that is installed without consent.”
Malware can replicate, spread automatically, and compromise and harm your computer. In addition to viruses, malware includes trojans, spyware, adwords, worms, and many others.
Stay posted. Look for our upcoming blog regarding Malware and Virus FAQs.