HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attackers Claim Three More Healthcare Victims

Parkview Medical Center in Pueblo, Colorado is recovering from a ransomware attack that started on April 21, 2020. The attack resulted in several IT systems being taken out of action, including its Meditech electronic medical record system, which has been rendered inoperable. The attack is currently being investigated and assistance is being provided by a third-party computer forensics firm.

Parkview Medical Center is currently working around the clock to bring its systems back online and recover the encrypted data. In the meantime, medical services continue to be offered to patients, who remain the number one priority. Staff have switched to pen and paper to record patient information until systems can be brought back online. Despite not having access to important systems, the medical center says the level and quality of care provided to patients has not changed.

A spokesperson for the medical center said, “While our medical staff continue to work around the clock in response to the ongoing global pandemic, we are doing everything in our power to bring our systems back online as quickly and securely as possible.” As of Wednesday, April 29, the hospital’s website still says systems remain out of action.

It is not known whether this was a manual or automated ransomware attack, or whether any sensitive data was exfiltrated by the attackers prior to the deployment of ransomware.

ExecuPharm Attacked with Maze Ransomware

On March 13, 2020, the King of Prussia, PA-based pharmaceutical company ExecuPharm experienced a Clop ransomware attack in which sensitive data was stolen. According to Bleeping Computer, some of the stolen data was published online when the ransom was not paid.

According to a statement issued by ExecuPharm, a leading cybersecurity company has been retained to assist with the investigation and determine the nature and scope of the breach. The incident has been reported to law enforcement and all affected parties have been notified.

In addition to company information, the personal data of employees has also been accessed and exfiltrated by the attackers. That information includes Social Security numbers, financial information, driver licenses, passport numbers, bank account information, IBAN/SWIFT numbers, credit card numbers, national insurance numbers, beneficiary information and other sensitive data. Some data relating to its parent company, Parexel, was also stolen in the attack. Affected individuals have been offered identity theft monitoring services for 12 months free of charge.

The company has rebuilt its servers from backups and, once systems have been restored, all data will be recovered from backups. Measures are also being implemented to harden security against these types of attacks, including multi-factor authentication for remote connections, endpoint protection, and detection and response forensics tools on all systems. Email security measures have also been improved to block ransomware emails.

Brandywine Counselling and Community Services Suffers Ransomware Attack

Brandywine Counselling and Community Services in Delaware has also recently been attacked with ransomware.

The attack was detected on February 10, 2020 and a computer forensic firm was hired to assist with the investigation. The investigation determined servers impacted by the attack contained some client information which was acquired by the attackers.

The attack has been reported to the HHS’ Office for Civil Rights as affecting 4,262 individuals. The data stolen in the attack includes clients’ names, addresses, dates of birth, and/or limited clinical information, such as provider name(s), diagnosis, prescription(s), and/or treatment information, and a limited number of Social Security numbers and driver’s license numbers.

Individuals whose Social Security number or driver’s license number was compromised have been offered complimentary credit monitoring and identity theft protection services. Additional security measures are being implemented to prevent further ransomware attacks in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.