The email account breach was first noticed by Adventist Health Sonora’s information security team on September 30, 2019. Swift action was taken to safeguard the compromised Office 365 account and an investigation was launched to determine the range of the breach.
The investigation showed that that access to the Office 365 account was obtained after a response to a phishing email and that it was an isolated occurrence. No other email accounts or systems were impacted.
The aim of the attack seems to have been to redirect invoice payments and defraud the hospital and its vendors, rather than to obtain sensitive patient data.
Adventist Health Sonora stated publicly that a comprehensive review of the affected account showed on October 14, 2019 that the account included the protected health information of 2,653 patients. The sort of information exposed included names, dates of birth, medical record numbers, health insurance data, hospital account numbers, and medical information related to the care conducted at the hospital.
No proof was found to indicate if any patient information was acquired by the hacker but, out of an abundance of caution, impacted patients have been notified and offered free identity theft protection services for 12 months.
Great Plains Health Has Rescued 80% of Systems Impacted by November 2019 Ransomware Campaign
Great Plains Health in North Platte, NE, suffered a ransomware attack in November 2019 which saw its network encrypted. The decision was taken not to meet the ransom demand and instead to restore systems from backups. It has been a time-consuming and painstaking process, but hospital officials have revealed that the process is now 80% finished.
Restoration of systems was given complete priority with the most important patient systems restored first. It took two weeks for critical patient systems to be brought back online. Members of staff battled round the clock to ensure systems were restored in the quickest possible time frame. Throughout the attack and recovery process patients continued to receive medical services and no patients were denied treatment or redirected to other healthcare facilities.
Hospital officials have now revealed that all main IT systems have now been brought back online and the ransomware attack is no longer having any affect on any kind of patient care. Only archives now need to be brought back online, which include information rarely used by the hospital.