Princeton Medicine Ransomware Attack Reported

Princeton Medicine physician Dr. Melissa D. Selke has alerted 4,200 patients to a potential breach of their electronic protected health information. An unauthorized individual gained access to a server containing ePHI, and on October 6, 2016, ransomware was installed.

The ransomware encrypted a range of files on the server including an information system containing patients’ names, phone numbers, addresses, Social Security numbers, driver’s license numbers, health insurance details, medical record numbers, diagnoses, treatment information, treating physician information, and treatment dates.

Upon discovery of the ransomware infection, a computer forensics expert was brought in to conduct a thorough investigation. It was possible to rapidly restore the encrypted files; however, the investigation revealed that the person behind the attack could potentially have viewed and copied patient data. No evidence was uncovered to suggest that this was the case, although it was not possible to rule out the possibility that ePHI had been accessed.

The Hillsborough, NJ-based physician has now informed state regulators and the Department of Health and Human Services’ Office for Civil Rights of the potential data breach. The breach report indicates 4,277 individuals have been impacted. All patients are being contacted by mail and informed of the potential exposure of their ePHI and have been provided with further information and resources explaining the actions that can be taken by patients to reduce the risk of identity theft and fraud.

According to Dr. Selke, “We are taking steps to help prevent another incident of this kind from happening, and continue to review our processes, policies, and procedures that address data privacy.”

2016 has been a bad year for ransomware attacks on U.S. healthcare providers, and as we head into 2017, there are no signs that the attacks will abate. In fact, security experts have predicted that the situation will get worse before it gets better and the number of attacks will increase.

Healthcare organizations large and small must therefore prepare for ransomware attacks. Data should be regularly backed up and stored in the cloud or on air-gapped storage devices, and a ransomware response plan should be developed that can be rapidly implemented in the event of an attack to reduce the impact on patients.

Further information on ransomware and how to protect networks can be obtained from US-CERT.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.