Healthcare Information Security

Likely Ransomware Attack Exposes 85K Patient Records in CA

California-based Center for Orthopaedic Specialists admitted that a recent cybersecurity incident, which was described as similar to a ransomware attack, exposed 85,000 patient records.

By Fred Donovan

California-based Center for Orthopaedic Specialists (COS) admitted that a recent cybersecurity incident, which was described as similar to a ransomware attack, succeeded in encrypting 85,000 patient records.

“The patient data that was encrypted by the unauthorized party could have included a patient’s name, date of birth, details about their medical records, and Social Security number. To the best of our knowledge, no patient information was downloaded or removed by the unauthorized party,” COS said in its April 18 web notice.

The attack affected three of its facilities located in West Hills, Simi Valley, and Westlake Village, California.

The healthcare provider said that the affected patient information was taken offline before the attackers could download or remove it. COS said it notified federal law enforcement officials, who could conduct a criminal investigation into the attack.

The attackers demanded payment to unencrypt the patient data, but COS did not indicate whether it paid the ransom.

COS said it was informed about the attack by its third-party IT vendor. The two parties investigated the incident and found that the attackers gained access to COS systems on February 24, 2018.

“COS worked closely with the technology vendor to conduct a thorough investigation and to put additional protections in place. The system that was accessed by the unauthorized party has been taken offline permanently,” it said in a FAQ section on the MyIDCare website.

The company is offering patients affected by the attack free identity protection services for two years. The deadline to take advantage of the two years of complimentary services is July 19, 2018.

The notice did not indicate whether ransomware infected its systems or, if so, which strain. HHS warned last month that attackers using SamSam ransomware have been targeting healthcare providers.

The signature of SamSam attacks is the encryption of files and data with the “.weapologize” extension, the display of a “sorry” message, and the use of a “0000-SORRY-FOR-FILES.html” ransom note, HHS noted.

The hackers break into networks by carrying out brute-force attacks against open remote desktop protocol (RDP) connections.

HHS recommended that healthcare organizations restrict access behind firewalls with RDP gateways and virtual private networks, use strong, unique usernames and passwords with two-factor authentication, limit the number of users who can log in using remote desktop, and implement an account lockout policy to help thwart brute-force attacks.
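The RDP brute-force pattern described above can be spotted in logon records before encryption starts. The following is an added example, not code from the article or from HHS: it flags any source address with a burst of failed remote logons and notes when a success follows the burst. The record layout, threshold and window are assumptions; the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one per line:
# time, Windows Security event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2020-01-15T03:10:00 4625 10 203.0.113.7 administrator
2020-01-15T03:10:20 4625 10 203.0.113.7 admin
2020-01-15T03:10:40 4625 10 203.0.113.7 backup
2020-01-15T03:11:00 4625 10 203.0.113.7 scanner
2020-01-15T03:11:20 4625 10 203.0.113.7 frontdesk
2020-01-15T03:11:40 4625 10 203.0.113.7 frontdesk
2020-01-15T03:12:00 4624 10 203.0.113.7 frontdesk
2020-01-15T08:30:00 4625 10 198.51.100.20 drsmith
2020-01-15T08:30:30 4624 10 198.51.100.20 drsmith
2020-01-15T09:00:00 4625 5 - svc_backup
"""

# Logon type 10 is RemoteInteractive (RDP); with Network Level
# Authentication enabled, RDP logons are recorded as type 3 (Network).
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (timestamp, event_id, logon_type, source_ip, account) tuples."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, src, user = line.split()
            yield datetime.fromisoformat(ts), event_id, logon_type, src, user

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"peak_failures": n, "success_after": [accounts]}}."""
    recent = defaultdict(deque)  # source IP -> failure times inside the window
    alerts = {}
    for ts, event_id, logon_type, src, user in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # ignore service, console and other non-remote logons
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if event_id == "4625":
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"peak_failures": 0, "success_after": []})
                a["peak_failures"] = max(a["peak_failures"], len(q))
        elif event_id == "4624" and src in alerts and q:
            # A success while the burst is still in the window: treat the
            # account as guessed and escalate rather than just alert.
            alerts[src]["success_after"].append(user)
    return alerts
```

A single mistyped password followed by a success, as in the `198.51.100.20` lines, stays below the threshold and raises nothing.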

HHS said it encourages organizations to use data backups and develop contingency and business continuity plans that can ensure resilient operations in the event of a ransomware event.

Verizon’s recent Data Breach Investigations Report (DBIR) warned that the use of ransomware is exploding among cybercriminals.

“Ransomware remains a significant threat for companies of all sizes,” said Verizon Executive Director of Security Professional Services Bryan Sartin. “It is now the most prevalent form of malware, and its use has increased significantly over recent years.”

“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom—the cybercriminal is the only winner here,” he continued.

The report noted that ransomware has been especially destructive for the healthcare industry. Ransomware accounts for 85 percent of the malware in healthcare. “Due to the ease of the attack, the low risk for the criminal, and the potential for high monetary yields, [ransomware] is likely here for a lengthy stay,” the report observed.

In addition, DBIR found that the healthcare industry was the only sector that had more internal actors behind data breaches than external actors. Errors made up the most common type of cyber incident in healthcare, followed by malware, hacking, and privilege misuse. 

Medical information is the target of two-thirds of data breaches in the healthcare industry, while personal information made up 37 percent and payment information 4 percent of breaches, the report found.

The healthcare industry had 750 cyber incidents last year, with 536 involving data disclosure. Miscellaneous errors, crimeware, and privilege misuse represented 63 percent of cyber incidents in the sector.
