Share this article on:
North Shore Pain Management (NSPM) in Massachusetts has started notifying 12,472 patients that some of their protected health information has been stolen by hackers. The breach was detected on April 21, 2020 and the investigation confirmed that the attackers first gained access to its systems on April 16, 2020.
The substitute breach notice on the NSPM website does not provide details about the nature of the attack, but Emsisoft and databreaches.net both reported the incident as a ransomware attack involving AKO ransomware. The gang responsible for the attack dumped 4GB of data stolen in the attack on their Tor site when the ransom demand was not paid.
The dumped files contain a range of sensitive data on employees and patients. The NSPM breach notice confirms the files stolen in the attack contained patient names, dates of birth, health insurance information, account balances, financial information, diagnosis and treatment information, and for certain patients, ultrasound and MRI images. Social Security numbers were also obtained for patients whose SSN is used as their health insurance /member number.
Since the stolen data has been exposed online and is in the hands of cybercriminals, affected patients have been advised to monitor their financial statements and explanation of benefits statements closely for any sign of misuse of their data. Patients whose Social Security number was compromised have been offered complimentary credit monitoring and identity theft protection services. NSPM has now retained a new IT management vendor and is taking steps to enhance cybersecurity.
The AKO ransomware operators, like many groups that manually deploy ransomware, steal data prior to file encryption to increase the chance of a ransom being paid. The AKO gang often requires two ransom payments to be paid. One covers the cost of the decryptor and a second payment is often required to ensure any data stolen in the attack is deleted. Lawrence Abrams of Bleeping Computer has been in touch with the gang who said two ransom demands are issued to companies with large revenues. The ransom payment to delete files is variable, ranging from $100,000 to $2,000,000.
The gang said some healthcare providers have only paid the ransom to have the data deleted and did not pay for the decryptor. It is unclear whether a ransom was paid by NSPM.
Florida Orthopaedic Institute Suffers Ransomware Attack
Tampa, FL-based Florida Orthopaedic Institute has announced it was attacked with ransomware on April 9, 2020 and patient data on its servers was encrypted. An internal investigation was conducted which revealed the personal and protected health information of patients may have been stolen prior to the encryption of files. Florida Orthopaedic Institute is unaware of any misuse of patient information as a result of the attack.
Florida Orthopaedic Institute engaged a third-party computer forensic firm to assist with the investigation and steps have been taken to restore the encrypted data and secure its systems. Affected patients have now been notified and have been offered complimentary credit monitoring, fraud consultation, and identity theft restoration services.
The types of data encrypted and potentially obtained by the attackers included names, dates of birth, Social Security numbers, medical information related to appointment times, physician locations, diagnosis codes, payment amounts, insurance plan identification numbers, payer identification numbers, claims addresses, and/or FOI claims history.
Florida Orthopaedic Institute is working with third-party experts to enhance security to prevent further cyberattacks in the future.
The breach has not yet been added to the HHS’ Office for Civil Rights breach portal so it is currently unclear how many patients have been affected.