[BreachExchange] Blue Springs Family Care hit by ransomware attack that potentially compromised data of over 44, 000 patients

[Destry Winant]

https://cyware.com/news/blue-springs-family-care-hit-by-ransomware-attack-that-potentially-compromised-data-of-over-44000-patients-c5440ba1

- The attack was discovered by a computer vendor of the company on May 12.
- Patients’ full names, home addresses, birth dates, Social Security
numbers, medical health records and disability codes may have been
stolen by hackers.

Missouri-based health care provider Blue Springs Family Care is
notifying 44,979 patients that their protected health information
(PHI) may have been compromised due to a ransomware attack that took
place in May 2018.

According to the health care provider, the attackers may have gained
access to a variety of information including patients’ full names,
home addresses, birth dates, Social Security numbers, account numbers,
driver’s license numbers, medical health records and disability codes.

The attack was discovered by a computer vendor of the company on May
12, following which an investigation and recovery process was
initiated together with a separate forensic computer vendor that was
hired by the company.

Investigators discovered that attackers had stolen patients’ data by
breaking into the healthcare provider’s systems. The cybercriminals
had infected the clinic’s system with different kinds of malware,
including the ransomware that caused the breach. Blue Springs Family
Care suspects that the attackers may likely have gained access to the
entire network of computers it used.

The firm is unsure whether the information compromised during the
breach has been used by the attackers or any other third party.

"We are keenly aware of how important your personal information is to
you, and we understand that this situation may pose an inconvenience
to you. We sincerely apologize and regret that this situation has
occurred," Blue Springs Family Care said in a statement.

Following the incident, Blue Springs has taken a few steps to
strengthen the security of its systems and devices. It said a new
firewall has been deployed to prevent further intrusion and they are
planning to adopt a new encryption program provided by an EHR
(Electronic Health Provider) vendor. The vendor will encrypt patients’
PHI registered with the clinic. The firm has also begun working on the
affected systems by quarantining them.

“Immediately after the discovery of the incident, we engaged a
forensic information technology company to assist with quarantining
the affected systems and to install software to monitor whether any
unauthorized person was accessing the system,” the healthcare provider
added.

The clinic has advised all affected individuals to activate a fraud
alert on their credit reports and monitor their reports periodically
for any suspicious activity.