Three ransomware attacks on Healthcare Organizations

Recently, healthcare companies as well as their business associates reported three ransomware attacks. Attacks on the Delaware Guidance Services (DGS) for Children and Youth, Direct Scripts and Maffi Clinics have resulted in exposure of the PHI (Protected Health Information) of around 70,000 people.

DGS has been forced to pay the ransom demand for unlocking the encrypted files on
their data servers. The files were encrypted in a ransomware attack on the Christmas Day of last year. The amount paid by DGS was not publicly disclosed.

After recovering the encrypted files, an IT firm was engaged by DGS for conducting a forensic analysis so as to found whether the attackers are successful in gaining access to the sensitive information before encrypting the files. The company was not able to find any proof that any Protected Health Information has been accessed or stolen, however the possibility cannot be ruled out. The data types in the files which were encrypted by ransomware include names, birth dates, addresses, Social Security numbers, and medical information. The Department of Health and Human Services' OCR (Office for Civil Rights) breach summary indicates that the PHI of around 50,000 individuals was possibly compromised in this ransomware attack on DGS.

A network of skin care and plastic surgery clinics in Arizona, Maffi Clinics alerted 10,465 patients that a few of their PHI like patients' names, telephone numbers, addresses, as well as pre-and post-operative information possibly been compromised due to a ransomware attack on September 11, 2018.

Maffi Clinics detected this attack quickly, and thus remediated this incident by closing (shutting down) the systems. The attackers had access to the systems only for 5 hrs. The speedy reaction limited potential for harm. The third-party IT consulting company has removed this ransomware and then restored the files from backups. Also, no proof was found that indicate the attackers has viewed or acquired patient data. Office for Civil Rights was notified regarding this attack on Mar. 6, 2019.

Direct Scripts, the Ohio provider of the pharmacy benefits management services, has suffered ransomware attack on Jan. 30, 2019, which led to encryption of files having patients' PHI.

The affected server contains the customer names, prescription information and addresses. All the other information that has been stored by the Direct Scripts is located on computers and servers not accessible to attackers. Also, no proof has been uncovered that suggest any kind of patient information was misused. The breach report of OCR indicates that 9,319 individuals were possibly affected by this attack.

» SPAMfighter News - 4/3/2019