Ransomware Attackers Claim Three More Healthcare Victims

April 29, 2020

Parkview Medical Center in Pueblo, Colorado is recovering from a ransomware attack that started on April 21, 2020. The attack resulted in several IT systems being taken out of action, including its Meditech electronic medical record system, which has been rendered inoperable. The attack is currently being investigated and assistance is being provided by a third-party computer forensics firm.

Parkview Medical Center is currently working around the clock to bring its systems back online and recover the encrypted data. In the meantime, medical services continue to be offered to patients, who remain the number one priority. Staff have switched to pen and paper to record patient information until systems can be brought back online. Despite not having access to important systems, the medical center says the level and quality of care provided to patients has not changed.

A spokesperson for the medical center said, “While our medical staff continue to work around the clock in response to the ongoing global pandemic, we are doing everything in our power to bring our systems back online as quickly and securely as possible.” The hospital’s website still says systems remain out of action on Wednesday, April 29.

It is not known whether this was a manual or automated ransomware attack, or whether any sensitive data was exfiltrated by the attackers prior to the deployment of ransomware.

ExecuPharm Attacked with Maze Ransomware

On March 13, 2020, the King of Prussia, PA-based pharmaceutical company ExecuPharm experienced a Maze ransomware attack in which sensitive data was stolen. The Maze ransomware operators conduct manual ransomware attacks and steal data from victims before encrypting data. They also threaten to publish the data if the ransom payment is not made, as was the case with this attack.

The attackers have previously stated in a press release that they would be halting ransomware attacks on medical organizations during the COVID-19 pandemic, but that does not appear to apply to pharma firms. In this case, the data uploaded to the Maze website includes financial information, documents, database backups, and other sensitive data.

According to a statement issued by ExecuPharm, a leading cybersecurity company has been retained to assist with the investigation and determine the nature and scope of the breach. The incident has been reported to law enforcement and all affected parties have been notified.

In addition to company information, the personal data of employees has also been accessed and exfiltrated by the attackers. That information includes Social Security numbers, financial information, driver licenses, passport numbers, bank account information, IBAN/SWIFT numbers, credit card numbers, national insurance numbers, beneficiary information and other sensitive data. Some data relating to its parent company, Parexel, was also stolen in the attack. Affected individuals have been offered identity theft monitoring services for 12 months free of charge.

The company has rebuilt its servers from backups and once systems have been restored, all data will be recovered from backups. Measures are also being implemented to harden security against these types of attacks, which include multi-factor authentication for remote connections, endpoint protection, and detection and response forensics tools on all systems. Email security measures have also been improved to block ransomware emails.

Brandywine Counselling and Community Services Suffers Ransomware Attack

Brandywine Counselling and Community Services in Delaware has also recently been attacked with ransomware.

The attack was detected on February 10, 2020 and a computer forensic firm was hired to assist with the investigation. The investigation determined servers impacted by the attack contained some client information which was acquired by the attackers.

The attack has been reported to the HHS’ Office for Civil Rights as affecting 4,262 individuals. The data stolen in the attack includes clients’ names, addresses, dates of birth, and/or limited clinical information, such as provider name(s), diagnosis, prescription(s), and/or treatment information, and a limited number of Social Security numbers and driver’s license numbers.

Individuals whose Social Security number or driver’s license number was compromised have been offered complimentary credit monitoring and identity theft protection services. Additional security measures are being implemented to prevent further ransomware attacks in the future.

The post Ransomware Attackers Claim Three More Healthcare Victims appeared first on HIPAA Journal.