Ransomware Attack Reported by East Valley Community Health Center
West Covina, CA-based East Valley Community Health Center (EVCHC) has started notifying patients that some of their electronic protected health information was compromised when ransomware was installed on one of its servers.
The ransomware attack occurred on October 18, 2016 and involved a ransomware variant called Troldesh/Shade. As with other forms of ransomware, Troldesh conducts scans of its local environment and encrypts a wide range of file types with an asymmetric encryption algorithm, preventing the files from being accessed.
Troldesh is supplied by the ransomware author as a development kit, which allows affiliates to run their own ransomware campaigns. The ransomware is usually distributed via spam email campaigns via file attachments containing malicious JavaScript code. However, in this case, an unauthorized individual logged onto a EVCHC server and installed the ransomware.
Many different files were encrypted, one of which contained the electronic health information of EVCHC patients. The file was used by EVCHC for logging claims that had been submitted to health plans. The file contained names, addresses, birthdates, medical record numbers, insurance account numbers, and health diagnosis codes. No financial information, Social Security numbers, nor Driver’s license numbers were present in any of the encrypted files.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Ransomware is typically used to extract a ransom payment from the victim, not to gain access to sensitive information. However, it is possible that the attacker was able to view the ePHI contained in the file. No evidence of file access or exfiltration was discovered by EVCHC.
The ransomware attack has now been reported to the Department of Health and Human Services’ Office for Civil Rights and the California Attorney General’s office. The OCR breach report indicates 65,000 individuals have been impacted.
Steps have been taken to reduce the likelihood of future ransomware attacks, including the implementation of additional technical controls and the transfer of patient’ protected health information to a third party off-site server maintained by a health information technology company. EVCHC will also be conducting a full review of privacy practices and updates will be made, as appropriate, to maintain the highest level of privacy for patients.
