Ransomware Attack Affects 300,000 Patients of Women’s Clinic

Healthcare Compliance Perspective:

If a Compliance Officer is faced with an actual or suspected breach of Protected Health Information, he or she must disclose the intrusion in accordance with federal and state laws and regulations. Preemptive security measures, such as encrypting and backing up files, should be implemented in order to minimize the damage of any security breach.

Ransomware Attack

Hundreds of thousands of patients were affected in a recently discovered ransomware hacking attack on a Pennsylvania women’s healthcare clinic. This attack is being ranked as the second largest ransomware-related health data breach reported so far to federal regulators.

The clinic’s website posted a statement in mid-July that a server and workstation located in one of its offices had been “infected by a virus designed to block access to system files in May.” A forensic analysis later revealed that the attack may have been initiated much earlier, as far back as January 2017. That is when external hackers are believed to have gained access to the clinic’s systems through a security weakness.

According to a privacy and cloud security firm, “it is not uncommon for malware, including ransomware, to be installed in systems for long periods of time before they are noticed or activated.” The reasons for the delay depend on the type of malware used and what triggers it to launch. The most typical trigger is simply opening a file or booting the computer; however, triggers vary and may also be time-based, date-based, action-based, etc. Ransomware generally makes itself known more quickly because crooks are eager to collect their ransom.

The encrypted files were quickly restored from the clinic’s back-up server, and the incident did not affect the clinic’s ability to care for patients. The information involved ranged from a patient’s date of birth and personal medical information to their Social Security number. However, no driver’s license, credit card or other financial information was stored in any files on the compromised server.

The clinic is offering one year of free credit monitoring to affected individuals and is working to prevent such events in the future.