Two More Ransomware Attacks on Patient Care Orgs | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Two More Ransomware Attacks on Patient Care Orgs

October 5, 2016
by Rajiv Leventhal
| Reprints

Two more healthcare organizations have acknowledged in the last week that they were victims of what looks to be ransomware attacks on their servers.

For one, Greenbrae, Calif.-based Marin Healthcare District (MHD) received notice in late July that Marin Medical Practices Concepts, Inc., (MMPC), the company that provides MHD with business and healthcare system services, experienced a ransomware infection. More than 5,000 patients were then notified that some of their medical data was lost due to a glitch that followed the ransomware attack, according to the Marin Independent Journal.

According to the Independent Journal report, the security incident also affected patients of physicians with Prima Medical Group who work with Marin General Hospital. In that story, Lynn Mitchell, CEO of Marin Medical Practice Concepts, confirmed the malware attack. In an email to the Independent Journal, Mitchell wrote, “Ransom was paid. For security reasons we will not be releasing the amount or denomination paid.”

And, according to a privacy notice on the organization’s website, although a third-party forensic firm hired to investigate this incident found no evidence that patient personal, financial, or health information was accessed, viewed, or transferred, during the restoration process, one of MMPC’s backup systems failed, causing information to be lost that was collected at the district’s nine medical care centers during a two-week span in July.

This information includes vital signs, limited clinical history, documentation of physical examinations, and any record of the communication between patients and their physician during a visit in that 15 day period. Results of diagnostic tests were not lost and patients do not need to be re-tested, officials said. MHD is mailing letters to potentially affected individuals and has established a call center to address questions or concerns.

Meanwhile, Oxford, Miss.-based Urgent Care Clinic of Oxford also has admitted that it has been the victim of a criminal cyber attack that may have affected the personal information of current and former patients. According to databreaches.net, in a notification letter to affected patients, the organization said that sometime in early July, its server was hacked. The breach was discovered on August 2nd when staff noticed the computer system running more slowly than usual. From the sound of their notification, it sounds like the clinic paid a ransom demand, the website noted: “The hackers held the server for ransom before turning control back over to the Urgent Care staff.”

That report also stated that the clinic has claimed that a forensic investigation suggested that the attack was carried out by Russian hackers. The types of protected health information (PHI) on the server included patients’ names, social security numbers, dates of birth, and other personal information, as well as any health information on file. The clinic was unable to determine which patients, specifically, may have been affected by the breach, the report stated.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

HIMSS Names Hal Wolf as New President and CEO

The Chicago-based Healthcare Information and Management Systems Society (HIMSS) has named Harold “Hal” Wolf III as its new president and CEO, to succeed H. Stephen Lieber.

ONC Seeking Feedback on Common Agreement and Exchange Framework

On Monday, the Office of the National Coordinator for Health Information Technology (ONC) kicked off the first of three meetings and webinars to inform the public about the department’s work related to the implementation of the 21st Century Cures Act trusted exchange framework and common agreement provisions.

NIH Announces First Community Partners for All of Us Research Effort

The National Institutes of Health (NIH) announced its first four community partner awards to begin building a national network of recruiters for its All of Us Research Program, part of the Precision Medicine Initiative.

Survey: Clinicians Rate Biometric Devices as Most Effective Patient Engagement Tech

There are many technologies for engaging patients in their own care, but according to a survey of members of the NEJM Catalyst Insights Council, patient portals are not viewed as the most effective technology for patient engagement initiatives.

Pragmatic Clinical Trials Network to Focus on Genomic Medicine Interventions

The federal National Human Genome Research Institute has announced a five-year effort to conduct pragmatic clinical trials to measure the clinical utility and cost-effectiveness of genomic medicine interventions and assess approaches for real-world application of genomic medicine in diverse clinical settings.

Six State HIEs Now Participating in Patient Center Data Home Across the West

An HIE-to-HIE hub, known as the Patient Centered Data Home and spearheaded by SHIEC, is expanding across the West, with six states now connected and exchanging admission, discharge and transfer notifications for patients.