40,800 Patients Affected by Ransomware Attack on Fetal Diagnostic Institute of the Pacific

by

The Fetal Diagnostic Institute of the Pacific (FDIP) located in Honolulu, Hawaii encountered a ransomware attack on June 30, 2018. A file-encrypting software was installed on a server and different types of files which include medical records were encrypted.

FDIP appointed a top notch company to look into the breach and find out if the attackers viewed the protected heath information (PHI) of patients. The cybersecurity company also assisted in managing the breach. To date, there is no information that indicate that unauthorized people accessed or stole PHI. Nevertheless, it is not possible to rule out data access or data theft. Therefore, FDIP informed the persons impacted by the breach and the Department of Health and Human Services’ Office for Civil Rights (OCR) regarding this breach.

The encrypted files were analyzed and the results revealed they contained patient PHI. The exposed information of the patients may have included names, addresses, birth dates, diagnoses, account numbers and “other types of data.” No financial data was encrypted. According to the data breach report, there were 40,800 past and present patients impacted by the breach.

FDIP took action right away to resolve the breach and remove the malicious software from the server and restore all encrypted files. As of now, all systems had been cleaned and there is no more malware. Security defenses were upgraded to prevent security breaches and unwanted access of patient data.

The patients will most likely experience no problem as a result of the ransomware attack. But in case of any suspicious activity that is related to the data breach, the patients can get in touch with FDIP to report the problem. As of 2009, this is the fifth security breach having over 500 patient records that a covered entity based in Hawaii has reported to OCR.