[BreachExchange] Malware Attack Disables Servers at Physician Network Affiliated with Boston Children’s Hospital

Destry Winant destry at riskbasedsecurity.com
Fri Feb 14 10:08:50 EST 2020


https://www.hipaajournal.com/malware-attack-disables-servers-at-physician-network-affiliated-with-boston-childrens-hospital/

On Monday, February 10, 2020, Pediatric Physicians’ Organization at
Children’s (PPOC), a physician group affiliated with Boston Children’s
Hospital, experienced a malware attack that caused a system outage
which prevented its 500+ pediatricians, nurse practitioners, and
physician assistants from accessing patient data and scheduling
calendars.

PPOC has approximately 200 servers, 11 of which were impacted by the
attack. IT teams at PPOC and Boston Children’s Hospital worked swiftly
to contain the malware and the affected servers have now been
quarantined. Servers unaffected by the attack were shut down as a
precautionary measure. Boston Children’s Hospital issued a statement
confirming its systems were unaffected by the attack.

Patients were advised to reschedule non-urgent appointments as health
records cannot be accessed until the malware is removed and the
servers are brought back online. Children’s Hospital issued a
statement on Wednesday saying progress was being made restoring the
servers, but it was still unclear how long the recovery process would
take.

PPOC has over 100 practices across the state of Massachusetts and
serves more than 350,000 patients. It is currently unclear what type
of malware was involved and whether it allowed hackers to gain access
to patient data.

Central Kansas Orthopedic Group Suffers Ransomware Attack

Central Kansas Orthopedic Group (CKOG) in Great Bend, KS suffered a
ransomware attack in November 2019 that resulted in the encryption of
patient records.

The attack was discovered on November 11, 2019. The attackers sent a
ransom demand which CKOG refused to pay. All encrypted files,
including patient medical records, were successfully restored from
backups.

A third-party forensic investigator was retained to assist with the
investigation and determine whether patient data had been accessed or
copied by the attackers prior to the deployment of ransomware. The
investigation uncovered no evidence to suggest the attackers accessed
or stole patient data and no reports of data misuse have been
received.

The types of information that could potentially have been accessed
included names, addresses, email addresses, dates of birth,
state-issued ID numbers, driver’s license numbers, health information
related to treatment provided by CKOG, Social Security numbers, and
health insurance information. All affected patients have been notified
by mail and offered identity theft protection services through ID
Experts.

CKOG is now reviewing its security platform and has started
implementing additional security protocols to harden its security
posture.

The HHS’ Office for Civil Rights breach portal shows 17,214 patients
were potentially affected by the attack.

