Over the Labor Day weekend, Oakbend Medical Center in Richmond, TX, suffered a ransomware attack. The attack started on Thursday, September 1, 2022, and saw files on its network encrypted. The medical center said its IT team took all systems offline to contain the attack, and the medical center operated under lockdown procedures while the attack was investigated by the Federal Bureau of Investigation (FBI), the Cyber-Defense Campus CYD), and the Fort Bend County Government Cyberteam.
The internal IT team ensured that all patient-centric systems were secured, and cybersecurity experts from Microsoft, Dell, and Malware Protects were engaged to investigate the attack and assess the security of its systems. Once those systems were cleaned, work commenced on rebuilding those systems and restoring them in a controlled and systematic manner. Disruption is continuing to be experienced, and there have been temporary communication issues for patients, vendors, doctors, and administrators; however, at no point was patient safety at risk and the medical center continued to operate.
In a September 9, 2022, update, Oakbend Medical Center said the recovery process is ongoing and there are still issues with the telephone and email systems, but it is working to resolve those issues as quickly as possible. While Oakbend Medical Center did not confirm whether files containing patient data were exfiltrated from its systems, the ransomware gang responsible for the attack – Daixin Team – claimed on its data leak site that files were stolen prior to file encryption that contained patient information such as names, dates of birth, medical record numbers, patient account numbers, Social Security numbers, and medical and treatment information. Some of the stolen data has been uploaded to the group’s data leak site. The group has threatened to release all of the stolen files, which are claimed to include the protected health information of more than 1 million patients. At the time of publication, it would appear that the ransom has not been paid and all communication between the medical center and Daixin Team has stopped.
Daixin Team is a relatively new threat group that is known to attack hospitals. In June 2022, the group conducted an attack on Fitzgibbon Hospital in Missouri and stole and published files containing sensitive patient data.
This post will be updated when further information about the attack is released and when the total number of affected patients is known.
The post Oakbend Medical Center Suffers Ransomware Attack appeared first on HIPAA Journal.