Ransomware Attacks Reported by People’s Injury Network Northwest and Berry Family Services

Kent, WA-based People’s Injury Network Northwest (PINN), a physical rehabilitation company for industrial rehabilitation patients, has experienced a ransomware attack in which patient information may have been accessed by the attackers.

The attack occurred on April 22, 2019 and saw three servers infected with ransomware. The attack was discovered the following day and the servers were taken offline. The decision was taken not to pay the ransom demand and encrypted files were restored from backups. PINN reports that it was possible to recover most of the data on the servers.

A computer forensics firm was retained to conduct an investigation to determine whether the attackers gained access to or stole information on the servers. No evidence of unauthorized data access or data theft was discovered; however, it was not possible to rule out the possibility of unauthorized data access or exfiltration. Consequently, the decision was taken to notify patients whose personal and protected health information was potentially compromised.

Affected individuals had received services from PINN up to and including April 22, 2019. The types of information potentially compromised included names, addresses, dates of birth, driver’s license numbers, and diagnosis information.

Affected individuals have been offered one year’s complimentary subscription to credit monitoring and identity theft protection services through ID Experts. According to PINN’s substitute breach notification letter, 12,502 Washington residents were potentially affected by the attack. Notification letters were sent on September 12, 2019.

Berry Family Services Ransomware Attack

Rowlett, TX-based Berry Family Services, a provider of services to the disabled and their families, experienced a ransomware attack on July 10, 2019 that locked its computer systems and encrypted customer information.

The decision was taken to pay the ransom to recover customer information in order to continue to support the Dallas and Rockwell Counties’ Home and Community-Based Services and Texas Home Living programs. The amount of the ransom has not been publicly disclosed.

The purpose of the attack is believed to have been to extort money rather than steal sensitive information, but the possibility of unauthorized data access and exfiltration could not be ruled out. The information potentially accessed was limited to customers’ names, addresses, dates of birth, Social Security numbers, medical insurance information, and related health information.

The breach report submitted to the HHS’ Office for Civil Rights indicates 1,751 patients have potentially been affected by the ransomware attack. Out of an abundance of caution, affected individuals have been offered one year of credit monitoring and identity theft protection services through Kroll at no cost. Steps have already been taken to improve defenses against ransomware attacks to prevent similar breaches from occurring in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.