Ransomware Attack on Brandywine Urology Consultants Potentially Impacts Over 113,000 Patients

A ransomware attack on Brandywine Urology Consultants based in Delaware on January 25, 2020 resulted in the encryption of files stored on its servers and computer systems. The scope of the attack was limited and the practice’s electronic medical record system was not affected. No medical records were exposed or compromised in the attack.

The practice took action immediately and isolated the attack to minimize the impact. Following the security of its systems, the provider performed a comprehensive scan to make sure there were no malicious software programs or code left in their systems. It was confirmed that Brandywine Urology Consultants has completely neutralized the attack.

A third-party security firm extensively investigated the ransomware attack to find out if the attackers had accessed or stolen patient data. Although a lot of ransomware gangs perform manual attacks and download data before deploying the ransomware payload. Based on the investigation results, this incident was a planned attack and its sole purpose was to encrypt files to extort cash from the provider.

The ransomware attack investigation is not yet finished. However, thus far, there is no evidence found that suggests the unauthorized access or theft of data. Even so, the possibility of unauthorized data access cannot be ruled out, therefore Brandywine Urology Consultants sent breach notification letters to all patients who had their protected health information (PHI) stored in the compromised server or system.

Based on the substitute breach notice posted by Brandywine Urology Consultants on its website, the following types of information were potentially compromised: names, addresses, medical file numbers, claims information, Social Security numbers, and other financial or personal data.

The IT security company together with the practice were evaluating security defenses, policies, and guidelines. To prevent data breaches in the future, steps to enhance security were implemented to make sure the reliability of its systems. The practice has replaced its central server and reimaged or replaced the computers impacted by the attack. It also updated its antivirus software and conducted penetration tests to determine other areas that need security improvement.

The HHS’ Office for Civil Rights posted a breach summary on its portal indicating that the attack potentially impacted 131,825 patients.