[BreachExchange] Arkansas Facility Ransomware Attack Potentially Affects 128K

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 5 19:24:08 EDT 2017


https://healthitsecurity.com/news/arkansas-facility-ransomware-attack-potentially-affects-128k

Arkansas Oral & Facial Surgery Center recently announced on its website
that it experienced a ransomware attack on its computer network on July 26,
2017.

An investigation determined that the ransomware had been installed either
earlier that morning or the evening before. The organization added that
extortion was likely the reason for the attack, and not an attempt to gain
patient information.

A limited set of patient information was likely affected, the center
explained. Additionally, imaging files, such as x-rays, and other documents
(i.e. attachments, radiographs) were impacted.

The OCR data breach reporting tool states that 128,000 individuals were
possibly impacted.

The attachments and radiographs might include demographic information such
as patient names, addresses, dates of birth, and Social Security numbers.
Clinical information such as diagnoses, treatment plans or conditions and
other information such as health insurance information were also likely
included.

“While our investigation into the matter continues, it does not appear that
patient information was stolen from our system,” the statement explained.
“However, the ransomware has rendered the imaging files and documents
inaccessible. Based on our present investigation, it also appears that the
ransomware rendered all electronic patient data inaccessible pertaining to
visits within approximately three weeks prior to the incident.”

The center said it has implemented a new record system and will also be
offering patients 12 months of identity repair and credit monitoring
services. Arkansas Oral & Facial Surgery Center added that patients should
“exercise caution regarding communications if you receive an unsolicited
call or email” about the incident.

“Please know that we will not call or email anyone requesting any personal
information as a result of this situation,” the center concluded.

PHISHING ATTACK EXPOSES COMPANY EMAILS, CERTAIN PATIENT DATA

Wisconsin-based Network Health recently had two staff members fall victim
to a phishing attack, which exposed their company emails. From there,
certain patient information may have been exposed, according to a company
statement.

While credit card and financial information were not involved and Network
Health has no reason to believe the information was misused, it still
brought in a forensic expert to determine the impact’s extent.

Approximately 51,000 individuals may have had their information accessed,
the organization said. This data may include member names and IDs, provider
information, addresses, phone numbers and dates of birth.

Additionally, claims information and Health Insurance Claim Numbers may
have been exposed in a few limited cases. Affected individuals will be
offered one year of free identity theft protection and monitoring services.

“We take the security and sensitive information of our members very
seriously,” Network Health Chief Administrative Officer Penny Ransom said
in a statement. “As a result of this attack, steps are underway to further
improve the security of operations and prevent future incidents.”

This includes reeducating the entire organization on how “to recognize and
report these more sophisticated phishing attempts,” the Network Health
announcement read. The entity added it is reviewing all security processes
and procedures.

“Network Health maintains technical safeguards to protect against phishing
incidents and detect intrusions,” Network Health maintained. “There are
safeguards in place to ensure the privacy and security of all member
information.”

OK DATA SECURITY INCIDENT STEMMED FROM EMPLOYEE THEFT

Mercy Health Love County Hospital and Clinic reported that a former
employee stole a laptop and a small number of patient records from a
hospital storage unit, creating a data security incident affecting 10
patients.

The Oklahoma facility stated that the information gathered, including
patient names and Social Security numbers, was used to fraudulently obtain
credit cards.

“We are very upset that this occurred, as we take the privacy and security
of our patient information very seriously,” Mercy Health Love County
Hospital and Clinic Administrator Richard Barker said in a statement. “We
are taking steps to secure all patient information to prevent anything
similar from happening again, and we will do all we can to see that the
criminals are held accountable.”

This incident was first reported in July 2017, with KXII Fox News 12
stating that the suspected thief was Lane Miller. Miller had worked as a
licensed practical nurse for Mercy Health until the beginning of 2017, the
news station said.

While Mercy Health reported that only 10 individuals had their information
impacted, the OCR data breach reporting tool lists an incident stemming
from a theft of “paper/films” at Mercy Health affecting 13,004 individuals.
The breach submission date listed is September 20, 2017.

STOLEN LAPTOP LEADS TO VA MEDICAL CENTER PHI DATA BREACH

Spokane, Washington-based Mann-Grandstaff VA Medical Center (MGVAMC) stated
that the PHI of 3,275 veterans may have been exposed in a recent data
breach.

A vendor-issued laptop was reported missing on August 7, 2017 during an
equipment inventory, according to a press release. The device was used to
interface with a Laboratory hematology analyzer and was in operation
between April 2013 and May 2016.

Information that may have been compromised includes full names, dates of
birth, and Social Security numbers. Veterans who may have had a hematology
sample processed at the Mann-Grandstaff VA by the missing analyzer in the
April 2013 and May 2016 timeframe will receive a data breach notification.
If necessary, those individuals will also be offered one complimentary year
of credit monitoring services.

“We at VA take information security very seriously and will continue to
work to ensure that appropriate safeguards are in place to protect
Veterans’ information,” the statement read. “Leadership at Mann-Grandstaff
VAMC has developed a new media sanitization policy to prevent this from
happening in the future.”