Threat actors now commonly use ransomware to encrypt files and block access to data. In addition, they steal information and threaten victims that the stolen data will be published or sold if the ransom is not paid. This new strategy is meant to get the victims to pay the ransom.
One of the healthcare providers that experienced this type of attack is the Center for Facial Restoration in Miramar, Florida. On November 8, 2019, Richard E. Davis MD FACS of The Center for Facial Restoration received a ransom demand informing him that his clinic’s server had been breached and data had been stolen. The attacker threatened to publicly expose the data or sell it to third parties if the company did not pay the ransom.
Dr. Davis filed a complaint with the FBI’s Cyber Crimes Center and talked to the FBI agents looking into the incident. After the attack, about 15 to 20 patients told Dr. Davis that the attacker had contacted them and asked them to pay a ransom. The attacker told the patients that their photographs and personal information would be exposed if they failed to pay the ransom.
The substitute breach notice issued by Dr. Davis indicated that the compromised server stored the information of around 3,600 patients. It is possible that all patient records had been stolen by the attackers, but it is believed that only a few of the patients’ photographs and personal information were stolen.
Determining which patients were affected took some time because most of the patient records were saved as scanned patient intake forms rather than in a database. Opening every file and examining each one manually was painstakingly slow and time-consuming.
The types of information exposed were limited to photocopies of passports or driver’s licenses, insurance policy numbers, home and email addresses, phone numbers, and credit card numbers showing only the last 4 digits.
The Center for Facial Restoration has already notified all patients potentially impacted by the breach, and the provider is implementing better security, such as changing all hard drives and installing new firewalls and anti-malware software programs. The company did not pay the ransom demand.
Ransomware Attack on Children’s Choice Pediatrics Affects 12,689 Patients
Children’s Choice Pediatrics in McKinney, Texas informed 12,689 patients of the potential unauthorized access to some of their protected health information (PHI) after a ransomware attack and the likely extortion of money from the provider.
The network attack happened sometime on October 27, 2019 and resulted in data encryption. Children’s Choice had data backups and tried to recover all the files that the ransomware had encrypted. After the restoration process was completed, not all patient data had been restored.
Impacted patients were instructed to stay alert for possible data misuse and to keep track of their account statements for indications of fraudulent transactions. No reports have been received that indicate the misuse or theft of any patient data. Children’s Choice has already strengthened its security to stop the same attacks from happening again.