Doctors Management Services notifies patients about ransomware attack on their network

Doctors' Management Service (DMS) Inc., a medical billing services provider based in Massachusetts, recently started notifying the patients that its data was possibly breached due to ransomware attack on their network.

Practice management services was provided by the Massachusetts vendor to the physicians as well as hospitals, including AT Care, New England Community Medical Services, Bell Mental Health Associates, Lowell General Inpatient Specialists, Holy Family Medical Specialty, New England Inpatient Specialists, Bhealthy Primary Care, Today's Wellness, and Beverly Surgical Associates, among others who are impacted by this breach.

On Dec. 24, 2018, the officials of DMS first discovered that malicious software was downloaded to their network, thus preventing files from getting accessed. An investigation of the security incident has been launched with assistance of a third-party forensic investigator, so as to determine scope of this incident. They discovered this network problem stemmed from the GandCrab ransomware variant.

Additionally, the investigation further revealed that the person responsible for installing ransomware first gained access to DMS network on Apr. 1, 2017 (i.e. 7 months before this ransomware was deployed). The access to DMS network has been gained via RDP (Remote Desktop Protocol) on a workstation.

In a statement, the officials of Doctors' Management Service said that "we did not detect any unauthorized access to our server until ransomware was used to maliciously encrypt our files. We did not pay the ransom, but instead were able to restore all data through our backups".

After reviewing the server so as to determine what kind of health and/or personal information got compromised in this security incident, the officials said that impacted data contains patient names, addresses, Social Security numbers, dates of birth, Medicare/Medicaid ID numbers, insurance information, driver's license numbers, as well as some diagnostic information.

On February 15, 2019, the investigation got completed. The officials did not find any evidence that Personal Health Information (PHI) has actually been viewed or downloaded.

Since the attack, DMS has updated their network security to reduce access from outside the network. Officials also added that they are further working with a third-party security firm in order to avert repeat occurrence, while continuing providing cyber education to their staff.

Impacted clients as well as patients were notified about this incident, and also the breach was reported to Department of Health and Human Services' Office for Civil Rights. Breach summary on OCR website indicates that 206,695 patients were impacted by this breach.

» SPAMfighter News - 5/17/2019