[BreachExchange] Ransomware Attack on Minnesota Health Facility

Destry Winant destry at riskbasedsecurity.com
Tue Dec 10 10:03:07 EST 2019


A Minnesota healthcare facility specializing in treatments for the
face, teeth, mouth, and jaw has been hit by a ransomware attack.

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) announced
the data security incident on Thursday via their website.

On September 23, 2019, threat actors struck a server used by the
organization. IT staff were able to intervene immediately to restore
the impacted data. No mention was made as to the amount of money
demanded by the attackers or whether the ransom was paid.

All 80,000 patients of the facility are being informed of the
incident, which SEMOMS said "may have resulted in the inadvertent
exposure of patients’ health information."

In a statement published on their website, SEMOMS said: "Although at
this time there is no evidence that patient information was actually
accessed or viewed, or any indication of anyone’s information being
misused, the practice has taken steps to notify anyone who may have
been affected by this incident, including sending letters to anyone
whose information may have been exposed."

Computer forensic experts, hired by SEMOMS to discover what, if any,
information had been accessed in the attack, were unable to give a
definitive answer.

SEMOMS said: "After examining the impacted server, the investigation
was unable to determine if patients’ names and X-ray images had been
viewed or accessed by an unknown, unauthorized third party.

"While our investigation did not identify specific activity
surrounding patients’ information, we are notifying potentially
impacted individuals out of an abundance of caution."

Letters sent to potentially impacted patients include information
about what occurred and a toll-free number where patients can learn
more about the incident.

SEMOMS gave a reassurance that any patients' financial information,
medical records, or Social Security numbers that had been provided to
the health organization had not been impacted by the event.

The incident has spurred SEMOMS to carry out a review of their current
cybersecurity protection and procedures.

SEMOMS said: "SEMOMS remains committed to protecting patients’
information and has taken steps to prevent a similar event from
occurring in the future, including reviewing and revising its
information security policies and procedures."

More information about the BreachExchange mailing list