Share this article on:
Doctors’ Management Service Inc., a Massachusetts-based provider of medical billing services, discovered on December 24, 2018 that malicious software had been downloaded to its network which prevented files from being accessed.
An investigation into the security incident was initiated which determined GandCrab ransomware had been deployed. Files were recovered from backups and no ransom was paid.
The investigation also revealed that the individual responsible for installing the ransomware had first gained access to its systems on April 1, 2017, 7 months before the ransomware was deployed. Access to the network was gained via Remote Desktop Protocol (RDP) on one of its workstations.
Parts of the network that were subjected to unauthorized access contained the protected health information of patients of its clients, which included names, addresses, dates of birth, Social Security numbers, insurance information, Medicare/Medicaid ID numbers, driver’s license numbers, and some diagnostic information.
The attack appeared to have been timed to ensure the attack would not be immediately detected. The deployment of ransomware could have been an attempt to extort money after the hackers’ other objectives had been achieved.
Doctors’ Management Service explained in its breach notification letter that no unauthorized server access was detected until the ransomware was deployed on December 24, and the forensic investigation did not uncover any evidence of data access nor exfiltration of patient data, although the forensic investigators could not rule out the possibility of data theft.
Third-party computer security experts have been consulted and have made recommendations on how network security can be improved. The company will implement additional controls to prevent further security breaches and staff will continue to be educated on security threats.
Impacted clients and patients have been notified about the incident and the breach has been reported to the Department of Health and Human Services’ Office for Civil Rights. The breach summary on the OCR website indicates 206,695 patients have been impacted by the breach.