Hackers Access PHI During Mat-Su Surgical Ransomware Attack

June 02, 2020 - Arkansas-based Mat-Su Surgical Associates (MTA) is notifying 13,136 current patients and some current or former patients of Valley Surgical Associates that their protected health information was viewed during a ransomware attack in March.

On March 16, MTA discovered some of its files were encrypted by ransomware and were unable to access their computer system. An investigation was launched with assistance from a third-party forensics team that determined the threat actor gained access to some patient files stored on the system.

The investigation could not determine the precise number of files viewed during the attack. But officials said it appears the impacted data included patient names, Social Security numbers, contact information, diagnoses, treatments, test results, health insurance details, and other care-related data.

MSA has since reset all user passwords and implemented additional controls on all remote access endpoints to prevent a recurrence. Officials said they’re also reviewing policies and procedures to ensure the protection of PHI.

The number of successful ransomware attacks on the healthcare sector declined during the first quarter of 2020 due to the COVID-19 pandemic, compared to the successful attacks seen during the last half of 2019, according to Emsisoft. But the number of attempts has remained constant during that timeframe.

“The decline in successful attacks, and especially attacks on healthcare providers, is obviously a positive, but the relief is likely only temporary,” Emsisoft researchers, at the time. “Once organizations resume normal operations, we expect the numbers to return to their previous levels.”

Woodlawn Dental Reports Ransomware Attack

About 14,931 patients of Woodlawn Dental Center in Ohio have been notified that the provider fell victim to a ransomware attack in March, which potentially impacted their health records.

The attack began on March 18, impacting Woodlawn Dental’s computer systems. However, they were able to quickly identify the attack and then restore the systems from secured, backup hard drives. Officials stressed that they did not pay the ransom. Notably, a recent report suggested that paying the ransom could actually double the overall recovery costs.

The investigation did not find any indication that the data was accessed during the attack, but officials are notifying patients in an abundance of caution as their healthcare records were encrypted by the ransomware.

The impacted data included patient names, contact information, Social Security numbers, dates of birth, medical insurance information, and other related health data.

Woodlawn Dental has since implemented additional defenses.

The Little Clinic’s Website Flaw Exposes Patient Data

Tennessee-based The Little Clinic recently began notifying 10,974 patients that their data was potentially exposed by a bug found in its online appointment functionality. TLC is a network of medical care clinics throughout the state, as well as Kentucky, Colorado, Ohio, Kansas, Georgia, Indiana, Arizona, and Virginia.

In February 2020, TLC administrators discovered a flaw in its appointment scheduling tool. When a patient made an appointment, then made changes to it online, some patient information could have been made accessible by third-party domains.

The website error first began in October 2018, nearly 18 months earlier and potentially exposed patient names, dates of birth, phone numbers, and addresses. The error was fixed by administrators on February 13, 2020. Officials determined there was a data breach on April 7.