Cryptocurrency Malware Found in Decatur County General Hospital’s Server

Cryptocurrency Malware Found

Decatur County General Hospital in Tennessee discovered on November 27, 2017 that its server housing the electronic medical record system has been installed with malware. This gave the attacker potential access to the medical records of about 24,000 patients.

The hospital’s medical record system vendor and the one who maintains the server installed the software without authorization. Apparently, the software was a type of malware called cryptocurrency miner. This malware uses the computer’s processors to verify cryptocurrency transactions, which are added to the public ledger containing details of all transactions. Anyone with a computer can perform cryptocurrency mining and is paid for verifying the transaction.

With a single computer, a person doing cryptocurrency mining can earn a few dollars per day. With a large number of computers infected with cryptocurrency miner, one can earn substantial earnings. This is the reason why cryptocurrency malware infections have increased recently.

Sometimes, computers with cryptocurrency mining malware may slow down considerably. But it’s not always apparent. In Decatus County General Hospital’s case, the malware was left undetected for over two months. So, it must have been installed some time September 22, 2017.

The cryptocurrency miner is not normally associated with data theft. But in this case, the attacker gained access to the server when he installed the malware and could possibly have accessed patient data.

This case of server breach and malware infection went through in-depth investigation. No evidence suggests that data theft occurred, but it’s not 100% certain that data access did not occur. Hence, hospital patients were notified that their PHI could have been compromised. Compromised data stored on the server included names, addresses, dates of birth, Social Security numbers, insurance billing information, diagnoses and treatment. As extra precaution, patients affected by the breach were offered 12-months credit monitoring services through True Identity for free.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Since the incident, there are no reports of patient information misuse. It is believed that the attacker simply want to install the malware and not steal data. Nevertheless, patients were advised to monitor their accounts for fraudulent activities.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: