[BreachExchange] 320,000 patient files at risk from ransomware in a Utah attack

Destry Winant destry at riskbasedsecurity.com
Thu Sep 12 10:11:21 EDT 2019


Premier Family Medicine was attacked with ransomware in July,
preventing access to a number of information systems and the data

Now, as many as 320,000 patients will be notified by Premier Family--a
large organization with 10 locations around Pleasant Grove,
Utah--that their protected health information may have been put at

“Even though our investigation has found no reason to believe patient
information was accessed or taken, we are very concerned that this
event even occurred and have taken steps to further enhance the
security of our systems,” says Robert Edwards, chief administrator.

In a letter to patients, Edwards explained ransomware and how it
works. “Recently, national media outlets have been reporting on the
dramatic rise in ransomware attacks impacting all industries but
especially those in technology, healthcare and government.”

“Ransomware involves malicious software that is deployed by cyber
criminals through various means to lock organizations out of their
electronic systems and then demand payment in order to regain access.”
The letter did not address if Premier Family Medicine paid ransom.

Barry Shteiman, vice president at Exabeam, a vendor of security
management and end-to-end detection software, says to pay or not pay
is the million-dollar question when it comes to ransomware. “While
many security experts warn about paying ransoms or entering into
negotiations, the answer, in reality, comes down to simple economics,”
he contends. If the downtime caused by data being unavailable or the
backup restoration process is more expensive than paying the ransom,
then organizations should pay.

“Equally, if giving up on the encrypted data has a higher cost in lost
revenue or intellectual property than remediation, then you could also
see why an organization would pay the ransom. Of course, this is a
last resort if all other options have been exhausted.”
