Ransomware hits pediatric group, affecting 55,000 patients’ data
A four-site pediatric practice serving the San Antonio metropolitan area successfully fought off a ransomware attack, but it still is offering 55,447 patients identity and credit protection services from Equifax Personal Solutions.
Before the attack, ABCD Pediatrics already had software applications that supplied network filtering and security monitoring, intrusion detection, and firewall, antivirus and password protection.
The practice became aware of the attack on February 6, when an employee discovered a virus that began encrypting servers. The encryption was slowed significantly by existing antivirus software, the firm explained to patients in a notification letter, and the practice’s IT vendor moved all servers and computers offline.
A practice administrator did not respond to a request for additional information.
Potentially compromised data included names, addresses, phone numbers, dates of birth, demographic information, Social Security numbers, insurance billing information, procedure codes, medical records and lab reports, its letter to patients noted.
The vendor identified the virus strain as “Dharma Ransomware,” a variant of an older virus called “CriSiS.” These strains generally do not remove data from servers, but that could not be ruled out, executives of the practice say. “Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered, suggesting that hackers may have accessed portions of ABCD’s network,” the practice told patients.
After the virus and corrupt data were removed, the practice was able to restore all affected data through secure backup files stored away from servers and computers. No ransom demands or other communications were received.
While the practice’s IT vendor found no evidence of information being acquired or removed, it could not rule out the possibility, patients were told. “Importantly, ABCD cannot confirm with a high degree of likelihood that confidential information remained secure throughout this incident.”
Consequently, the practice noted that no confidential or protected health information was lost and no ransom demands were made, but indications that programs or persons may have been on the server compelled notifying patients, the FBI and the HHS Office for Civil Rights.
In addition to the Equifax protective services, the practice recommended patients place a fraud alert on their credit files with credit reporting firms.