[BreachExchange] Cone Health practice loses data in ransomware attack

[Destry Winant]

https://www.thetimesnews.com/story/news/2020/11/05/ransomware-attack-loses-data-cone-health-practice/6164713002/

The Alamance Skin Center needs patients to confirm their upcoming
appointments after losing data in a ransomware attack, according to a
Cone Health news release.

Hackers did not get any patient data, Cone Health says, but the
practice also could not retrieve information on patients, according to
the release. The Skin Center’s medical records system is on a separate
server from Cone Health’s main system, so the attack was isolated.

The attack was in late July, and the hospital system determined its
data were not retrievable Oct. 21. HIPAA laws require reporting
breaches of private patient information, according to the release.

Cone Health believes the attack was either phishing — emails sent to
employees to trick them into opening files or links to malware — or
“brute force” — sending many possible passwords until something works.

Ransomware generally gets into a data system and threatens to destroy
it unless a ransom is paid to the hackers. Attacks have been on the
rise at least in part because the programs used in the attacks can be
bought on the dark web, so it doesn't take a very sophisticated
attacker to pull one off. Employee training and data backups are the
defenses cyber security experts talk about the most.

Patients of the Skin Center should get letters from Cone Health with
information about how they can protect themselves and monitor their
credit reports.