Wright & Filippis, the prosthetics, orthotics, and accessibility service provider based in Rochester Hills, MI has just reported that it encountered a ransomware attack on its system. The attack happened from January 26 to January 28, 2022, and even if the firm’s endpoint security solution detected the attack soon after the ransomware was initiated, it did not stop the encryption of a number of files on its system.
Third-party security specialists investigated the nature and extent of the attack, which concluded on or about May 2, 2022. It was confirmed that the attacker accessed files made up of the protected health information (PHI) of patients and employees and extracted some files from its system. The investigation stated that the attack did not impact its human resources systems and its electronic health record system.
A thorough analysis of all files possibly exposed in the attack showed they comprised the PHI of 877,584 present and past patients, workers, and job seekers. The names, dates of birth, patient numbers, financial account numbers, Social Security numbers, and/or medical insurance details of impacted individuals were compromised. The names, dates of birth, driver’s license numbers, Social Security numbers, and/or state IDs of present and past workers and job seekers were exposed, including the financial account numbers of a few individuals.
Wright & Filippis stated that during the issuance of notification letters, there was no proof found that suggests the attempted or actual misuse of the stolen data; nonetheless, as a safety precaution, impacted persons were provided free access to fraud consultation, identity monitoring, and identity theft restoration services. The late issuance of notifications to impacted persons was because of the time-demanding process of looking into the breach, going over the impacted files, and verifying contact details for impacted persons.
Wright & Filippis reported that it has put in place extra endpoint detection and response software program, changed all passwords and restored all the impacted servers.