Salina Family Healthcare, based in Kansas, has announced that it was subjected to a ransomware attack earlier this year. The organisation stated that the ransomware was installed on servers and workstations at its offices, resulting in the encryption of patients' protected health information (PHI). It expressed uncertainty as to whether the PHI had been stolen by an unauthorised individual during the attack.
The ransomware attack occurred on June 18, 2017. Salina Family Healthcare noticed the attack immediately and took rapid action to limit its extent by securing its systems. Its security team was able to restore the encrypted data from recent backups, so no ransom was paid to the attackers.
A third-party computer forensics firm was contracted to analyze the organisation's systems. The firm launched an investigation to determine how the ransomware was installed and whether the attackers succeeded in gaining access to or stealing patient data. While no evidence of data theft was uncovered, the analysts were unable to rule out the possibility that the actors behind the attack viewed or copied patient data.
The protected health information potentially accessed includes names, addresses, dates of birth, Social Security numbers, medical treatment information, and health insurance details. Although data access was possible, there have been no reports of fraud or identity theft to suggest that any PHI has been stolen and misused. Patients should nevertheless be alert to the possibility of data theft. It is recommended that they monitor their accounts and Explanation of Benefits statements closely for any sign of fraudulent activity.
Patients potentially impacted by the attack have now been notified of the security breach in accordance with HIPAA's Breach Notification Rule. As compensation for the attack, Salina Family Healthcare has offered credit monitoring and identity theft restoration services for 12 months without charge.
Since the attack, Salina Family Healthcare has implemented new measures and updated its security systems to improve its security posture. Those measures include upgrading network servers, regularly scanning the network for viruses, providing the workforce with additional security training on malware threats, and limiting Internet access for staff to reduce exposure.
In compliance with HIPAA regulations, a breach report was submitted to the Department of Health and Human Services' Office for Civil Rights. The report indicates that 77,337 patients and payment guarantors have potentially been impacted by the security incident.