The National Ambulatory Hernia Institute, based in California, suffered a ransomware attack on September 13, 2018 that resulted in the encryption of files stored on its system. The institute posted a breach notice on its website stating that the attackers may have viewed the demographic information of 15,974 patients, all of it recorded prior to July 19, 2018. That indicates that first-time patients who visited the institute after July 19, 2018 were not affected by the breach.
For the patients whose protected health information (PHI) was exposed, the attackers accessed limited information only, including names, dates of birth, diagnoses, appointment schedules, and Social Security numbers. Because of the sensitive nature of some of the exposed data, the National Ambulatory Hernia Institute advised patients to obtain identity monitoring services for no less than one year. The breach notice did not make clear whether the healthcare provider will cover the cost of the identity theft monitoring services.
According to the National Ambulatory Hernia Institute, the private data of all patients has been transferred to an off-site web server that has stricter controls, including a tougher firewall and antivirus software for blocking ransomware attacks. The investigation of the breach is still ongoing.
The National Ambulatory Hernia Institute failed to provide any specifics concerning the type of ransomware the attackers used. The only detail presented was the association of the attack with an email address: [email protected]. This address was connected to a CrySiS/Dharma ransomware variant known previously as gamma. The gamma ransomware does not make a fixed ransom demand. Victims must send an email to the attackers to find out the ransom amount and to obtain the unlock keys. The report does not mention whether the National Ambulatory Hernia Institute paid the attackers their ransom demand to restore data access.