Increasing incorporation of IT solutions in healthcare industry has been fruitful, but not thoroughly constructive. With high exposure to large, connected networks, securing crucial medical data has become a key challenge; one that demotes the adoption of multiple healthcare-IT solutions. From clinics to hospitals, medical databases are being managed by third-party IT service providers. Sharing the mutual discipline of safeguarding such critical data has caused many disruption in the merger of healthcare business and IT services across the globe.

A recent cyber attack highlights how hackers have managed to break through the data network of a prominent medical research corporation, targeting information of dermatology patients. The Surgical Dermatology Group in Alabama has fallen victim to this recent hack, which affected the servers of this company and leaked vital information about patients.

The Surgical Dermatology Group is a special practice facility that has offices in Birmingham, Huntsville and Montgomery. The said cyber attack was not directed towards extracting data from this medical facility. Reports reveal that a cloud-hosting service provider that handled the data of this medical facility, along with other enterprises, was attacked by hackers, who stumbled upon data from the Surgical Dermatology Group.

A breach as such reflects the risks of keeping essential data at the possession of service providers. Lack of technological infrastructure compels private medical facilities such as the Surgical Dermatology Group to partner with third-party data hosting service providers called TekLinks. According to the report, the breach into TekLinks cloud-hosting server enabled hackers to access and exfiltrate personal health information associated with patients from the Alabama-based dermatology center.

Hackers could access the data by penetrating the cloud network managed by TekLinks. The service provider was not quick to notify the intrusion as the people at Alabama’s specialty dermatology center were helpless to avert it. Such an incident has stressed the vulnerabilities of dermatology devices that store and share information across large databases through cloud-hosting servers.

The unauthorized access that occurred in early May was monitored by TekLinks, investigations from which revealed malicious activity in databases associated with the Surgical Dermatology Group. While the service provider assured that their data has been blocked for remote access, there’s a strong chance that hackers could have viewed or duplicated data beforehand. A forensic investigation commissioned by the specialty center determines the scope of the breach. Healthplan information, patient ID numbers, social security numbers, and physician names comprised of the compromised data affected by the attack. Considering the value of such information to hackers, security of connecting dermatology devices has become hypercritical.

Investigations also revealed that names, home addresses, telephone numbers, mobile numbers, personal information, email addresses, and other electronic medical records of patients were also compromised. Hackers were also able to access health plans, charges, payment logs, and information on treatments adopted by patients at the Surgical Dermatology Group center in Alabama. In the wake of this attack, developers of dermatology devices must focus on protecting information by data encryption. Along with dermatology centers, other medical facilities must also work towards finding solution to the risks of putting data on large grids of connected servers, wherein collaborating with cloud-hosting service providers becomes obligatory.