Nearly 300,000 Patients Affected by Ransomware Attack

Women’s Health Care Group of Pennsylvania has announced that it has been subject to a data breach. The organisation states that the breach was noticed in May, and it has notified nearly 300,000 patients that some of their sensitive protected health information has been compromised. The group is one of the largest healthcare networks in the state.

The types of data exposed – and potentially stolen – include names, addresses, dates of birth, lab test orders, lab test results, blood types, race, gender, pregnancy status, medical record numbers, employer information, insurance details, medical diagnoses, physicians’ names and Social Security numbers.

Women’s Health Care Group has offered identity theft protection services to all patients affected by the breach. It is recommended that those affected activate the security services promptly, as hackers gained access to a server and workstation containing the above information in January this year. As the breach was only noticed in May, there was a long period during which PHI may have been stolen.

In May, a virus was installed on a server/workstation, preventing the hospital from accessing patient data. While ransomware can be installed because of a phishing email or software vulnerability, in this case it appears to have been deployed by individuals who already had access to its systems. This is often the case when a virus is installed. If hackers manage to gain access to a healthcare network, it is becoming increasingly common for ransomware to be deployed when access to the system is no longer required, such as when all useful data have been exfiltrated.

Women’s Health Care Group of Pennsylvania worked quickly to isolate the affected devices to prevent the spread of the infection. They contracted external cybersecurity experts to conduct a forensic investigation to determine the nature and scope of the security breach. The Federal Bureau of Investigation was also notified of the breach.

While a ransom demand had been issued by the attackers, as all data could be recovered from a backup server, no money was paid to the hackers. Women’s Health Care Group of Pennsylvania says no protected health information was lost during the attack.

The investigation revealed that hackers had first gained access to its systems in January 2017 after taking advantage of a security vulnerability. The same vulnerability in the system is believed to have been used to install ransomware. While Women’s Health Care Group of Pennsylvania did not find any evidence to suggest information on the server or workstation had been viewed or stolen, data access and theft could not be ruled out. They advise that all affected patients be vigilant for fraudulent activities on their accounts.

This is the second ransomware incident to be reported in the past few weeks. Earlier this month, Peachtree Neurological Clinic of Atlanta, GA announced that an investigation into a ransomware attack revealed its systems had been compromised 15 months previously. With the rise of such attacks, security systems that prevent access to PHI will need to be developed soon.