Maze Ransomware Attack on Accounting Firm Impacts Patients of New York Medical Group

Share this article on:

The Albany, NY-based accounting, tax, and advisory firm, BST & Co. CPAs LLC, has experienced a Maze ransomware attack that has affected patients of the New York medical group, Community Care Physicians P.C.

The Maze ransomware gang is one of a handful of threat groups that steal data from victims prior to deploying their ransomware payload. A threat is then issued to publish the stolen data if the ransom is not paid. Some of the data stolen in the attack has since been published by the gang, including names, dates of birth, addresses, contact telephone numbers, and Social Security numbers of BST employees.

BST has issued a statement saying a computer virus was detected on December 7, 2019 which prevented access to its files. In addition to internal data, some information related to local clients was also potentially compromised, including Community Care Physicians.

A leading computer forensics firm was engaged to assist with the investigation and determine the nature and scope of the attack. The forensics experts determined the virus was active on the network from December 4, 2019 to December 7, 2019 and that the attackers had gained access to parts of the network where client data was stored. BST managed to recover the encrypted data from backups.

BST confirmed the individuals affected by the breach by February 5, 2020 and notification letters were sent by BST on February 14, 2020. The compromised client data included names, dates of birth, medical record numbers, medical billing codes, and insurance descriptions.

The HHS’ Office for Civil Rights breach portal shows the PHI of up to 170,000 patients was potentially compromised in the attack.

United Regional Phishing Attack Affects 1,893 Patients

Wichita Falls, TX-based United Regional Health Care System has announced it has suffered a phishing attack that has seen the email account of one of its employees accessed by an unauthorized individual. The attack occurred in July 2019, but it took until December 2019 to complete the investigation and review the email account to determine whether patient information was compromised.

It was not possible to determine whether emails were accessed or copied by the attacker, but unauthorized access and data theft could not be ruled out. The email account contained patient names, dates of birth, patient account and/or medical record numbers, and clinical information such as provider name and location, lab test results, diagnostic data, prescription information, procedures, and/or treatment information. A limited number of individuals also had their Social Security numbers, driver’s license numbers, health insurance information, and/or passport information exposed.

Patients were notified about the breach on February 18, 2020. Individuals whose Social Security number or driver’s license number was included in the account have been offered complimentary credit monitoring and identity theft protection services.

Author: HIPAA Journal

Share This Post On