Namaste Health Care Pays Ransom to Recover PHI

A hacker gained access to a file server used by Ashland, MI-based Namaste Health Care and installed ransomware, encrypting a wide range of data including patients’ protected health information.

Access was gained to the file server over the weekend of August 12-13 and ransomware was installed; however, prior to the installation of ransomware it is unclear whether patients’ PHI was accessed or stolen. The Ashland clinic discovered its data had been encrypted when staff returned to work on Monday, August 14.

Prompt action was taken to prevent any further accessing of its file server, including disabling access and taking the server offline. An external contractor was brought in to help remediate the attack and remove all traces of malware from its system.

In order to recover data, Namaste Health Care made the decision to pay the attacker’s ransom demand. In this case, a valid key was supplied by that individual and it was possible to unlock the encrypted files. The clinic was able to recover data and bring its systems back online after a few days. The incident prompted the clinic to conduct a review of its security protections and make “robust upgrades” to its “firewall and remote access technology.”

The investigation into the breach did not uncover any evidence to suggest PHI had been accessed by the attacker, and no evidence was found to suggest any PHI was stolen. That said, it was also not possible to determine with a high degree of certainty that data access and theft did not occur.

The file server contained a wide range of PHI, including names, addresses, dates of birth, medical record numbers, health insurance information, Social Security numbers, and information relating to appointments and visits to the clinic, including the reasons for those appointments/visits. The exposed data related to all patients who had visited the clinic, or arranged an appointment to visit, prior to August 14, 2017.

Due to the sensitive nature of data stored on the server, all patients have been offered identity theft protection services through AllClear ID. Notifications about the ID protection services have been sent on behalf of the clinic by AllClear ID.

While the substitute breach notice posted on the Namaste Health Care website does not specifically mention that financial information was potentially compromised, the clinic said, “we recommend that you notify your banking institutions and request a change of any account numbers, if you provided us with such information.”

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal, so it is unclear exactly how many patients have been impacted.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.