PHI Compromised Due to a Ransomware Attack and an Email Security Breach

Rangely District Hospital in Colorado began notifying patients about the April 2020 ransomware attack that affected some of their protected health information (PHI) stored on its network.

The hospital detected the attack on April 9, 2020, and took action to contain it. However, it was not possible to prevent the encryption of a number of files, a few of which contained patient data.

Rangely District Hospital said the initial attack on its networks took place on April 2, 2020, but the ransomware wasn’t installed until April 9, 2020. The hospital stated that the encryption process was automated, and no evidence was found of data exfiltration or access. The investigation revealed that an overseas threat actor carried out the attack, but it wasn’t possible to determine who was responsible.

Although it is presumed that the attackers didn’t gain access to patient information, unauthorized access could not be ruled out. The ransomware encrypted data files that may have been accessed. The following types of personal information and PHI were included: names, addresses, phone numbers, birth dates, Social Security numbers, copies of driver’s licenses, dates of service or hospital admissions, diagnoses and medical conditions, treatment or procedure notes and orders, prescribed medicines, visual studies, and medical insurance, claims, and billing data.

Though it was possible to recover many files from backups without paying the ransom, certain patient information remained inaccessible. Aside from the files containing patient data, files vital to a legacy software system were also encrypted and could not be recovered. Rangely District Hospital used a ‘Meditech’ database to hold patient files from August 2012 to August 2017, and the legacy software is needed to access patient information in that database. The attack didn’t affect the database itself; however, without the software, patient files collected during that 5-year period are inaccessible. The data of some patients who received home health services from June 2019 to April 2020 also remains unavailable. Rangely District Hospital is now looking at alternative ways to regain access to the database.

Email Security Breach at MU Health Care

MU Health Care, based in Columbia, MO, discovered an email security breach on September 21, 2019, and began notifying its patients.

The attacker was able to access the email accounts of some University of Missouri students affiliated with MU Health Care. Those students had registered email accounts with a third party that experienced a data breach. The students’ email credentials were stolen and used to access their university email accounts from September 21 to September 26, 2019.

The breach only affected the students whose accounts were accessed. The email accounts held information such as names, birth dates, Social Security numbers, and some treatment and clinical data.

The breach emphasizes the importance of using distinct passwords for each account created.