Ransomware Attacks Reported by Family Medical Center of Michigan & Buddhist Tzu Chi Medical Foundation
Temperance, MI-based Family Medical Center of Michigan (FMC) has notified 21,988 patients about a July 2020 ransomware attack in which their protected health information was compromised.
FMC said the attack appeared to have been conducted by a cybercriminal gang operating out of Ukraine. The attackers encrypted FMC’s financial files which prevented its employees from accessing patients’ financial information. A ransom demand of $30,000 in cryptocurrency was issued for the digital key to unlock the encrypted files.
FMC said it worked with a third-party computer security firm – IDX – to investigate the breach and help secure its digital environment. IDX advised paying the ransom as part of a strategy to determine the scope of the attack. FMC CEO, Ed Larkins said it complied with the demand and paid the ransom a week after the attack occurred. The attackers took two weeks to send the key to decrypt files.
The investigation into the attack confirmed only financial information was affected and patient medical records were not compromised in the attack. Patients affected by the attack had received medical services at some point in the past 14 years.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Following the attack, steps were taken to improve security and harden defenses to prevent further attacks. IDX is continuing to manage the response to the incident and has not detected any attempted or actual misuse of patient data since the attack. FMC has offered complimentary credit monitoring services to patients whose financial information was compromised.
Ransomware Attack Reported by Buddhist Tzu Chi Medical Foundation
Buddhist Tzu Chi Medical Foundation in West Sacramento, CA is notifying 18,968 patients that some of their protected health information has potentially been compromised in a recent cyberattack.
The attack was detected on July 15, 2021 when parts of its network became inaccessible. The affected server was immediately taken offline, and emergency protocols were implemented, with the staff switching to pen and paper to record patient data. A forensic investigation was conducted to determine the nature and scope of the breach, which confirmed that parts of the network accessed by the attackers contained patient data.
It was not possible to determine whether any patient data were viewed or exfiltrated by the attackers, only that data access was possible. The files potentially compromised in the attack contained names, dates of birth, and diagnosis information, which included dental x-rays for dental patients. No other patient data was stored on the affected server and computers.
Due to the nature of data exposed, there is believed to be a very low risk of misuse of the information; however, as a precaution, affected patients have been advised to monitor their estimate of benefits and other health information for any suspicious activity.
