Share this article on:
The New Jersey-based Hackensack Sleep and Pulmonary Center, specialists in sleep disorders and pulmonary conditions and diseases, has experienced a ransomware attack that resulted in the protected health information of certain patients being encrypted.
The ransomware attack occurred on September 24, 2017 and resulted in medical record files being encrypted by the virus. The attack was discovered the following day. As is typical in these attacks, the attackers issued a ransom demand, the payment of which was necessary in order to obtain the keys to unlock the encryption.
Hackensack Sleep and Pulmonary Center was prepared for ransomware attacks, and had made backups of all files, and the backups were stored securely offline. The backups were used to recover all encrypted data without paying the ransom.
While data access is a possibility with ransomware attacks, the purpose of ransomware is usually to make data inaccessible and force victims to pay for the key to unlock the encryption. Ransomware attacks typically do not involve data access or data theft. Hackensack Sleep and Pulmonary Center has no reason to believe this attack was any different. No evidence was uncovered to suggest that any data were removed from its system or viewed by the attackers.
The types of information encrypted included diagnoses, notes, procedures, and patient reports, along with names, addresses, Social Security numbers, dates of birth, insurance information, credit card numbers, and account information.
Hackensack Sleep and Pulmonary Center called in a forensic expert to assist with the investigation, and recommendations have been received on additional security protections that can be deployed to prevent future incidents from occurring. Those recommendations are being considered and additional security measures will be implemented to improve security and prevent future attacks.
The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the New Jersey State Police Cyber Crimes Unit, and affected individuals have been notified of the breach by mail.
The OCR breach portal indicates 16,474 patients have been impacted by the incident.