[BreachExchange] Ransomware Attack on Connecticut Provider Impacts 25, 148 Patients

Destry Winant destry at riskbasedsecurity.com
Wed May 15 09:42:33 EDT 2019


https://healthitsecurity.com/news/ransomware-attack-on-connecticut-provider-impacts-25148-patients

Connecticut-based Southeastern Council on Alcoholism and Drug
Dependence is notifying 25,148 patients that their data was
potentially breached during a February ransomware attack.

On February 18, SCADD officials said they discovered some disruptions
the network. A review determined a ransomware attack had compromised
some of its systems. SCADD worked with a third-party forensics team to
investigate.

The investigation determined the compromised data included patient
names, addresses, Social Security numbers, medical histories, and
treatments. Officials said they could not rule out access. SCADD is
currently in the process of notifying the impacted patients, who will
receive a year of free credit monitoring and identity protection
services.

Despite a decline in ransomware attacks in other sectors, healthcare
has continued to remain a prime target to these cyberattacks. The
first quarter of 2019 saw a 195 percent increase in ransomware attacks
on business targets, and a 500 percent increase in the last year,
according to a Malwarebytes report.

EMPLOYEE DATA MISHANDLING BREACHES UMC PHYSICIAN DATA

Texas-based UMC Physicians is notifying patients of a potential data
breach, caused by two employee providers using an unsecured method to
shared data related to patient care.

According to officials, they discovered two employee providers
recently set up a Google shared drive to exchange follow-up tasks
related to patient care. The data included labs, appointments,
procedures, and therapies.

However, one employee was found to be forwarding emails to an
unsecured Google Gmail account. Officials said that while the
providers “intended to ensure good patient care by taking these
actions,” the patient data was compromised when it was stored on an
unsecured server.

Upon discovery, UMCP immediately retrieved and or deleted the affected
files and launched an investigation to determine the patients and data
impacted by the security event.

Although some of the shared files contained only patient names and
emails, many of the other files contained a trove of personal
information including demographic details, health insurance carriers,
medical record numbers, diagnoses, dates of service, contact details,
and procedures.

No Social Security numbers, insurance policy numbers, credit card
information, or other financial data was compromised.

All UMCP employees are currently receiving additional education on
appropriate cloud storage use to prevent a recurrence. Officials said
that they are also implementing other tools to prevent the use of
unauthorized cloud storage services.


More information about the BreachExchange mailing list