Altus Hospital Baytown Suffers Dharma Ransomware Attack

Share this article on:

Altus Hospital in Baytown, TX, has experienced a ransomware attack that resulted in the encryption of many hospital records.

The electronic medical record system was not affected, although some of the encrypted files contained patients’ protected health information including names, home addresses, contact telephone numbers, birth dates, Social Security numbers, credit card information, driver’s license numbers, and medical information.

The attack was discovered on September 3, 2018. Altus Hospital received a ransom demand; however, assisted by a third-party security consultant, Altus Hospital was able to restore all affected files from backups.

The investigator determined that the attacker gained access to the hospital’s servers before deploying a Dharma ransomware variant. Altus Hospital believes the aim of the attack was solely to extort money from the hospital. Data access and theft of patient information is not believed to have occurred.

While the attack was limited to Baytown hospital servers, some of the information stored on those servers came from the following affiliated entities: Altus Women’s Center of Baytown, LP, LP, Clarus Imaging (Baytown), Oprex Surgery (Baytown), LP, Clarus Imaging (Beaumont), LP, Altus Radiation Oncology Baytown, LP, and Zerenity Baytown, LP.

Altus Hospital has retained external risk and security consultants who are helping to make improvements to the hospital’s cybersecurity defenses.

PHI of 2,393 Patients of Southwest Washington Regional Surgery Center Compromised

Southwest Washington Regional Surgery Center has discovered an unauthorized individual has gained access to the email account of one of its employees as a result of a phishing attack.

The email account was breached on May 27, 2018 and access continued until August 13, 2018. Following an extensive forensic investigation of the breach and a manual review of all emails in the compromised account, Southwest Washington Regional Surgery Center determined on September 25 that the email account contained the protected health information of 2,393 of its patients.

The types of information that may have been accessed differed from patient to patient and may have included names, driver’s license numbers, Social Security numbers, diagnoses, treatment information, details of surgical procedures performed, prescribed medications, lab test results, and health insurance information. Some patients’ credit card numbers have also potentially been compromised.

Credit monitoring and identity theft restoration services are being offered to all patients whose Social Security number or driver’s license number were potentially accessed by the attacker.

Southwest Washington Regional Surgery Center has updated passwords and improved email access protocols to prevent further phishing attacks.

Author: HIPAA Journal

Share This Post On