Delaware-based Brandywine Urology Consultants has announced it experienced a ransomware attack on January 25, 2020, that resulted in the encryption of files on its servers and computers. The scope of the attack was limited, and the practice’s electronic medical record system was not affected. No medical records were exposed or compromised in the attack.
The practice acted quickly and took steps to isolate the attack and reduce the harm caused. After securing its systems, a complete scan was performed to ensure no malicious software or code remained and it was determined that the attack had been completely neutralized.
A third-party security company was engaged to thoroughly investigate the attack and determine whether the attackers had gained access to or stolen patient information. While many ransomware gangs conduct manual attacks and steal data prior to deploying their ransomware payload, the investigation suggests this was an automated attack that was conducted with the sole purpose of encrypting files to extort money from the practice.
The investigation into the attack is ongoing but, to date, no evidence of unauthorized data access or data theft has been uncovered. However, it was not possible to rule out unauthorized data access, so notification letters are now being sent to all patients whose protected health information was stored on parts of the system that were compromised in the attack.
According to the substitute breach notice on the Brandywine Urology Consultants website, the types of information that may have been compromised included names, addresses, Social Security numbers, medical file numbers, claims data, and other financial and personal information.
The IT security firm and the practice have been assessing security protections, policies, and procedures, and steps have been taken to improve security to ensure the integrity of the practice’s systems and prevent future data breaches. The central server used by the practice has been replaced and any computers affected by the attack have either been reimaged or replaced. Antivirus software has been updated and penetration tests are being conducted to identify any other areas where security needs to be improved.
The breach summary on the HHS’ Office for Civil Rights breach portal indicates 131,825 patients were potentially impacted by the attack.