Dharma Ransomware Attack on Altus Baytown Hospital

Altus Baytown Hospital in Baytown, TX, has announced that it was recently a victim of a ransomware attack, with their servers being infected with the malware strain “Dharma”. 

The attack was discovered on September 3, 2018. The malware encrypted many of their patient records, and a ransom demand was issued to the hospital. Altus Baytown Hospital launched an internal investigation into the breach, and hired a third-party computer security firm to assist with decrypting the files. All of the affected files were recovered, and the hospital did not pay a ransom to the attacker.

Altus Baytown Hospital has stated that their electronic health records were not affected by the attack, but files containing patient information were made inaccessible to them. The information contained in the encrypted files included names, home addresses, contact telephone numbers, birth dates, Social Security numbers, credit card information, driver’s license numbers, and medical information. There is no evidence that any of this information was accessed by the cybercriminal responsible for the attack, and no indication that the data has been used for nefarious purposes. 

Although Altus Baytown Hospital is confident that no PHI was stolen during the attack, in their breach notice posted on databreaches.net, they urge all patients of their facility to take caution and protect themselves against identity theft. They recommend that all patients monitor their account statements and credit reports for signs of any suspicious activity, and be wary of any individual asking for personal information in an email or on the phone, as they may be part of a scam. They urge patients who believe that their data has been used for malicious purposes to contact the relevant law enforcement officials immediately for assistance. 

The investigator determined that the attacker gained access to the hospital’s servers before deploying the ransomware. The ransomware used in the attack was of the Dharma variant, which was first seen in 2016.  Altus Baytown Hospital believes the aim of the attack was solely to extort money from the hospital, and that theft of patient information was not a primary concern for the attacker. 

Ransomware attacks on healthcare facilities have become increasingly common. According to Verizon, the communications company, ransomware was the most-used type of malicious software in 2018, accounting for 39% of malware phishing attacks. This is double the proportion of malware attacks that were made with ransomware in 2017. In most cases, ransomware is delivered to a system through a phishing attack. An organisation’s system can be easily compromised when employees open scam emails that contain infected attachments. Educating employees on how to spot suspicious scam emails is a good first line of defence against attacks of this nature.

While the attack was limited to Baytown hospital servers, some of the information stored on those servers came from the following affiliated entities: Altus Women’s Center of Baytown, LP; Clarus Imaging (Baytown); Oprex Surgery (Baytown), LP; Clarus Imaging (Beaumont), LP; Altus Radiation Oncology Baytown, LP; and Zerenity Baytown, LP.

In response to the attack, Altus Baytown Hospital has taken steps to improve their organisation’s security systems. They have hired third-party risk and security consultants to assist in the upgrades to the hospital’s technical safeguards.