Ransomware Attack Impacts 16,000 National Ambulatory Hernia Institute Patients
On September 13, 2018, the National Ambulatory Hernia Institute in California experienced a ransomware attack that resulted in certain files on its network being encrypted.
According to the breach notice uploaded to the healthcare provider’s website, the attackers were potentially able to gain access to demographic data of patients recorded prior to July 19, 2018.
In total, 15,974 patients have had some of their protected health information exposed as a result of the attack. The information potentially accessed by the attackers was limited to names, addresses, birth dates, diagnoses, appointment dates and times, and Social Security numbers. Patients who visited National Ambulatory Hernia Institute facilities for the first time after July 19, 2018 were unaffected by the breach.
Due to the sensitive nature of the exposed information, the National Ambulatory Hernia Institute has advised affected patients to obtain identity monitoring services for a period of at least one year. The breach notice does not state whether those services are being provided to patients free of charge.
The National Ambulatory Hernia Institute explained that all data have now been transferred to an off-site server and additional controls have been purchased and implemented to prevent further attacks, including a more robust firewall and antivirus software solutions. The investigation into the breach is ongoing.
The National Ambulatory Hernia Institute did not state what type of ransomware was used in the attack, only that “the attack was tied to an email address [email protected]”
That email address has previously been associated with a variant of CrySiS/Dharma ransomware called gamma. Gamma ransomware ransoms are not fixed and are not stated on the ransom demands. Victims must email the attackers to find out how much it will cost for the keys to unlock files. No mention was made about whether the ransom demand was paid to regain access to data.