Malware Attack Disables Servers at Physician Network Affiliated with Boston Children’s Hospital
On Monday, February 10, 2020, Pediatric Physicians’ Organization at Children’s (PPOC), a physician group affiliated with Boston Children’s Hospital, experienced a malware attack that caused a system outage which prevented its 500+ pediatricians, nurse practitioners, and physician assistants from accessing patient data and scheduling calendars.
PPOC has approximately 200 servers, 11 of which were impacted by the attack. IT teams at PPOC and Boston Children’s Hospital worked swiftly to contain the malware and the affected servers have now been quarantined. Servers unaffected by the attack were shut down as a precautionary measure. Boston Children’s Hospital issued a statement confirming its systems were unaffected by the attack.
Patients were advised to reschedule non-urgent appointments as health records cannot be accessed until the malware is removed and the servers are brought back online. Children’s Hospital issued a statement on Wednesday saying progress was being made restoring the servers, but it was still unclear how long the recovery process would take.
PPOC has over 100 practices across the state of Massachusetts and serves more than 350,000 patients. It is currently unclear what type of malware was involved and whether it allowed hackers to gain access to patient data.
Central Kansas Orthopedic Group Suffers Ransomware Attack
Central Kansas Orthopedic Group (CKOG) in Great Bend, KS suffered a ransomware attack in November 2019 that resulted in the encryption of patient records.
The attack was discovered on November 11, 2019. The attackers sent a ransom demand which CKOG refused to pay. All encrypted files, including patient medical records, were successfully restored from backups.
A third-party forensic investigator was retained to assist with the investigation and determine whether patient data had been accessed or copied by the attackers prior to the deployment of ransomware. The investigation uncovered no evidence to suggest the attackers accessed or stole patient data and no reports of data misuse have been received.
The types of information that could potentially have been accessed included names, addresses, email addresses, dates of birth, state-issued ID numbers, driver’s license numbers, health information related to treatment provided by CKOG, Social Security numbers, and health insurance information. All affected patients have been notified by mail and offered identity theft protection services through ID Experts.
CKOG is now reviewing its security platform and has started implementing additional security protocols to harden its security posture.
The HHS’ Office for Civil Rights breach portal shows 17,214 patients were potentially affected by the attack.