Ransomware Attack on Minnesota Health Facility
A Minnesota healthcare facility specializing in treatments for the face, teeth, mouth, and jaw has been hit by a ransomware attack.
On September 23, 2019, threat actors struck a server used by the organization. IT staff were able to intervene immediately to restore the impacted data. No mention was made as to the amount of money demanded by the attackers or whether the ransom was paid.
All 80,000 patients of the facility are being informed of the incident, which SEMOMS said "may have resulted in the inadvertent exposure of patients’ health information."
In a statement published on their website, SEMOMS said: "Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed."
Computer forensic experts, hired by SEMOMS to discover what, if any, information had been accessed in the attack, were unable to give a definitive answer.
SEMOMS said: "After examining the impacted server, the investigation was unable to determine if patients’ names and X-ray images had been viewed or accessed by an unknown, unauthorized third party.
"While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution."
Letters sent to potentially impacted patients include information about what occurred and a toll-free number where patients can learn more about the incident.
SEMOMS gave a reassurance that any patients' financial information, medical records, or Social Security numbers that had been provided to the health organization had not been impacted by the event.
The incident has spurred SEMOMS to carry out a review of their current cybersecurity protection and procedures.
SEMOMS said: "SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures."
Source: Information Security Magazine