Phishing Attack Reported by Adventist Health Sonora
Adventist Health Sonora in California has discovered an unauthorized individual has gained access to the email account of a hospital associate and potentially viewed patient information.
The email account breach was detected by Adventist Health Sonora’s information security team on September 30, 2019. Immediate action was taken to secure the compromised Office 365 account and an investigation was launched to determine the extent of the breach.
The investigation confirmed that access to the Office 365 account was gained following a response to a phishing email and that it was an isolated incident. No other email accounts or systems were affected.
The purpose of the attack appears to have been to redirect invoice payments and defraud the hospital and its vendors, rather than to obtain sensitive patient information.
According to Adventist Health Sonora, a comprehensive review of the affected account revealed on October 14, 2019 that the account contained the protected health information of 2,653 patients. The types of information exposed included names, dates of birth, medical record numbers, health insurance information, hospital account numbers, and medical information related to the care provided at the hospital.
No evidence was uncovered to suggest any patient information was acquired by the attacker but, out of an abundance of caution, affected patients have been notified and offered complimentary identity theft protection services for 12 months.
Great Plains Health Has Recovered 80% of Systems Impacted by November 2019 Ransomware Attack
Great Plains Health in North Platte, NE, experienced a ransomware attack in November 2019 which saw its network encrypted. The decision was taken not to pay the ransom and instead to restore systems from backups. It has been a time-consuming and painstaking process, but hospital officials have announced that the process is now 80% completed.
Restoration of systems was prioritized with the most important patient systems restored first. It took two weeks for critical patient systems to be recovered. Members of staff worked round the clock to ensure systems were restored in the shortest possible time frame. Throughout the attack and recovery process patients continued to receive medical services and no patients were turned away or redirected to other healthcare facilities.
Hospital officials have now announced that all major IT systems have now been brought back online and the ransomware attack is no longer having any impact on any kind of patient care. Only archives now need to be restored, which contain information rarely used by the hospital.