Ransomware Attacks on Illinois and California Clinics Reported

The Quantum Vision Centers and Eye Surgery Center located in Illinois is notifying its patients about the potential compromise of some of their protected health information (PHI) because of a ransomware attack in April 2019.

An unauthorized person accessed Quantum systems on April 18, 2019 and installed ransomware, which encrypted files. The information contained in the encrypted files included names, birth dates, addresses, medical insurance data, and Social Security numbers.

A hired third-party computer forensics company investigated the incident to find out the nature and extent of the ransomware attack. Though the investigation is still in progress, the investigators is convinced that the attack was not intended to steal patient data. It seems that the only purpose of the attack was to extort money from the company.

Quantum Vision is now recovering the encrypted files and implementing backup measures to be sure to provide services can continue to be provided to patients, although there were some disruption.

The exact number of affected patients is unclear at the moment. The company offered the affected people credit monitoring services for one year.

Another ransomware attack occurred at Marin Community Clinics in California last week. The incident caused substantial disruption to the Clinics’ IT systems.

The attack took place from 9 pm to 10 pm on June 19, 2019. There was widespread file encryption and attackers issued a ransom demand. Marin Community decided to pay an undisclosed amount for the ransom, after asking its network operator.

Because of the attack, its computer systems became inaccessible. Despite having the keys to decrypt the files, it took several days to recover the files. The target date for all computer systems to be back online is on June 22, 2019.

Even while computer systems were inaccessible, the hospital continued providing patient services in emergency mode. Patient data was manually documented on paper and will be encoded to the systems when all is working again. The data recovery process is in progress and no major data loss is expected.

Mitesh Popat, Marin Community Clinics’ CEO, mentioned on the Marin Independent Journal that there was no compromise of patient data and there was no loss of key data; nevertheless, loss of minor data for some patients may occur in the course of data recovery.

It is presently unknown how the attackers were able to deploy the ransomware and for how long they accessed its systems before deploying the ransomware.