West Covina, CA-based East Valley Community Health Center (EVCHC) has started notifying patients that some of their electronic protected health information was compromised when ransomware was installed on one of its servers.
The ransomware attack occurred on October 18, 2016 and involved a ransomware variant called Troldesh/Shade. As with other forms of ransomware, Troldesh conducts scans of its local environment and encrypts a wide range of file types with an asymmetric encryption algorithm, preventing the files from being accessed.
Many different files were encrypted, one of which contained the electronic health information of EVCHC patients. The file was used by EVCHC for logging claims that had been submitted to health plans. The file contained names, addresses, birthdates, medical record numbers, insurance account numbers, and health diagnosis codes. No financial information, Social Security numbers, or driver’s license numbers were present in any of the encrypted files.
Ransomware is typically used to extract a ransom payment from the victim, not to gain access to sensitive information. However, it is possible that the attacker was able to view the ePHI contained in the file. No evidence of file access or exfiltration was discovered by EVCHC.
The ransomware attack has now been reported to the Department of Health and Human Services’ Office for Civil Rights and the California Attorney General’s office. The OCR breach report indicates 65,000 individuals have been impacted.
Steps have been taken to reduce the likelihood of future ransomware attacks, including the implementation of additional technical controls and the transfer of patients’ protected health information to a third-party off-site server maintained by a health information technology company. EVCHC will also be conducting a full review of privacy practices and updates will be made, as appropriate, to maintain the highest level of privacy for patients.