One of the more recent cases of healthcare ransomware potentially affected 6,851 individuals, according to the Office for Civil Rights (OCR) data breach reporting tool.
Colorado-based Allergy, Asthma & Immunology of the Rockies, P.C. (AAIR) reported that it found evidence of ransomware on its computer systems on May 16. The disturbance was first noticed when there was some difficulty in accessing documents, AAIR attorney Kari Hershey told The Post Independent.
“They weren’t able to track exactly what the hackers did, but what they did find was a draft of the ransom letter on the system,” Hershey said. “The way it was explained to me is that it essentially looked like the hackers were still testing out the ransomware.”
Along with notifying OCR, local law enforcement has been involved in the investigation. Furthermore, AAIR is having a forensic IT company conduct a full assessment to ensure that no other additional security measures are necessary.
The allergy clinic added that it had been advised by IT specialists to completely replace its hard drives, rather than trying to clean them. The AAIR system was also reportedly rebuilt and backed up before the healthcare ransomware attack took place. The firewall was also reconfigured and passwords had been changed.
While AAIR did not specify what type of information may have been affected, it was reported that their system contained PHI, including test results and Social Security numbers. However, AAIR immediately shut the server down upon realizing the potential breach of information and contacted a forensic IT company.
As previously discussed, ransomware is a type of malware that usually keeps organizations from accessing certain parts of its system. In terms of healthcare, hospital employees could be locked out from critical systems, such as EHRs, and may be unable to get in unless they pay a fee demanded by the attackers.
There have been several reported cases of healthcare ransomware in 2016, some even stemming from known security flaws.
For example, Washington, D.C. and Maryland health system MedStar Health reported earlier this year that it had experienced a healthcare ransomware attack. MedStar said it shut down its email and EHR systems to stop the virus from potentially spreading.
However, attack allegedly occurred after hackers found that MedStar Health uses JBoss, which is an application server with a recognized design flaw. The hackers used Samas, or “samsam,” a virus-like software, to scan the Internet for vulnerable JBoss servers.
The Associated Press reported that security researchers had found that the JBoss application server was “routinely misconfigured to allow unauthorized outside users to gain control.”
Another extreme case of healthcare ransomware took place at Hollywood Presbyterian Medical Center (HPMC), where the facility had to pay $17,000 to regain control of its EMR system.
“The malware locked access to certain computer systems and prevented us from sharing communications electronically,” the hospital explained in a statement. “Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.”
HPMC regained control of its EMR system on February 15, with all systems being cleared of the malware, according to HPMC President and CEO Allen Stefanek.
“I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process,” Stefanek said. “I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.”