The Baton Rouge Clinic, located in Louisiana, suffered a cyberattack at the beginning of July that made its email and phone systems inaccessible and constrained its laboratory and radiology services. The ransomware attack caused systems to shut down for a few weeks. It has been two months now since the attack and the external email system has not been restored.
There was no breach of the clinic’s medical record system, so the information potentially accessed and/or acquired was minimal. The clinic issued a statement that attributed the attack to a foreign adversary. It is not clear if the clinic paid the ransom. The statement just mentioned that Baton Rouge Clinic followed whatever recommendations its cybersecurity company gave during its meeting with the FBI.
The breach investigation confirmed that the attackers potentially accessed the protected health information (PHI) of 85 people, who have already received their notifications. The potentially compromised data included EMR information downloaded in order to process claims to insurance firms.
308,000 patients also received individual breach notification letters. Baton Rouge Clinic believes that those persons are not at risk; however, they are instructed to be cautious and to watch out for suspicious email messages.
Blackbaud Ransomware Attack Impacts NorthShore University Health System, UK HealthCare, and Main Line Health
NorthShore University Health System, Main Line Health, and the University of Kentucky (UK) HealthCare recently confirmed that they were impacted by the Blackbaud ransomware attack.
The attackers accessed Blackbaud’s systems from February 7 to May 20, 2020, and stole backups of databases before deploying the ransomware. Blackbaud paid the ransom and acquired the file decryption keys, along with assurances from the attackers that they had securely and permanently deleted all stolen data.
NorthShore University Health System, located in Evanston, IL, also confirmed that the data of 348,000 patients was compromised because of the attack. The compromised information only included names, birth dates, and some clinical data. It is believed that there is a low risk for affected individuals.
UK HealthCare stated that there was a compromise of information belonging to roughly 163,000 donors who were former patients in the hospital. The compromised information only included names, birth dates, addresses, medical record numbers, area of service, dates of admission, and attending physicians.
The attack likewise affected Main Line Health’s donor database. The compromised database included the names of patient donors or potential donors, genders, birth dates, ages, medical record numbers, treatment date(s), department(s) of service, and treating doctors. The attack affected 60,595 persons.