Richmond, Texas-based Oakbend Medical Center has recently announced that it experienced a ransomware attack. On September 1, 2022, the healthcare provider discovered that a file had been encrypted on its network. Oakbend Medical Center promptly ordered its IT department to take all of its systems offline to limit the threat of the attack. Following this, the attack was reported to the U.S. Federal Bureau of Investigation, which launched an investigation in collaboration with the Cyber-Defense Campus and the Fort Bend County Government Cyberteam to determine the nature of the attack and what information had potentially been obtained by the threat actors.
The Oakbend Medical Center’s IT department and CFO secured all patient-centric systems and employed cybersecurity specialists from Microsoft, Dell, and Malware Protects cybersecurity to investigate and assess the attack and to evaluate its system cybersecurity. After those systems were cleaned, work began on carefully and methodically restoring and repairing them. Although there has been some disruption and there have been brief communication problems for patients, vendors, physicians, and administrators, patient safety has never been in danger, and the medical facility has continued to operate.
On Tuesday, September 13, 2022, Oakbend Medical Center released an update informing its patients that they may contact the healthcare provider via email and telephone. While the center’s email is operating again following the attack, its telephone system is still operating without adequate voicemail capabilities. Oakbend Medical Center hopes to rectify this by the end of the week. The healthcare provider was unable to determine whether the files exfiltrated by the attackers contained sensitive patient information. However, the ransomware gang, Daixin Team, claimed on its data leak website that the encrypted files contained information such as full names, birth dates, medical record numbers, patient account numbers, Social Security numbers, and medical information. The gang has threatened to publish all of the stolen data, which is said to contain over 1 million patients’ sensitive health information. However, Oakbend Medical Center has paid no ransom, and all communication between the two parties has stopped.