On December 20th, 2017, Jemison Internal Medicine, a health facility in Alabama, underwent a ransomware that encrypted all patient records. The ransom demanded has not been paid. Fortunately the hospital had backups of health data that it was able to restore after reinstalling the operating systems on the affected machines. The investigation conducted revealed that an individual had obtained access to the institution’s information system for a period of 3 months. During this period, the individual could have consulted the patients’ personal health data including their surname, first name, date of birth, address, social security number, driving licence number, information concerning their prescriptions, health insurance and treatment.
The incident prompted Jemison Internal Medicine to review its security policies and procedures. This attack testifies to the IS vulnerabilities of hospitals, maintenance problems, updates and technical support not always solved. And the situation is no better in other sectors. But in an area like health, lives can be put at risk.