Dedicated to providing the latest
HIPAA compliance news

Ransomware Attack Reported by East Valley Community Health Center

Share this article on:

West Covina, CA-based East Valley Community Health Center (EVCHC) has started notifying patients that some of their electronic protected health information was compromised when ransomware was installed on one of its servers.

The ransomware attack occurred on October 18, 2016 and involved a ransomware variant called Troldesh/Shade. As with other forms of ransomware, Troldesh conducts scans of its local environment and encrypts a wide range of file types with an asymmetric encryption algorithm, preventing the files from being accessed.

Troldesh is supplied by the ransomware author as a development kit, which allows affiliates to run their own ransomware campaigns. The ransomware is usually distributed via spam email campaigns via file attachments containing malicious JavaScript code. However, in this case, an unauthorized individual logged onto a EVCHC server and installed the ransomware.

Many different files were encrypted, one of which contained the electronic health information of EVCHC patients. The file was used by EVCHC for logging claims that had been submitted to health plans. The file contained names, addresses, birthdates, medical record numbers, insurance account numbers, and health diagnosis codes. No financial information, Social Security numbers, nor Driver’s license numbers were present in any of the encrypted files.

Ransomware is typically used to extract a ransom payment from the victim, not to gain access to sensitive information. However, it is possible that the attacker was able to view the ePHI contained in the file. No evidence of file access or exfiltration was discovered by EVCHC.

The ransomware attack has now been reported to the Department of Health and Human Services’ Office for Civil Rights and the California Attorney General’s office. The OCR breach report indicates 65,000 individuals have been impacted.

Steps have been taken to reduce the likelihood of future ransomware attacks, including the implementation of additional technical controls and the transfer of patient’ protected health information to a third party off-site server maintained by a health information technology company. EVCHC will also be conducting a full review of privacy practices and updates will be made, as appropriate, to maintain the highest level of privacy for patients.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On