Ransomware Attacks Reported by Rangely District Hospital and Electronic Waveform Lab

Rangely District Hospital in Colorado has started notifying patients that some of their protected health information was stored on parts of its network that were affected by an April 2020 ransomware attack.

The ransomware attack was discovered on April 9, 2020 and steps were taken to contain the attack, but it was not possible to prevent the encryption of certain files, some of which contained patient information.

Rangely District Hospital said the initial attack on its systems occurred on April 2, 2020, but ransomware was not deployed until April 9, 2020. The hospital reports that the encryption process was automated, and no evidence was found to suggest data was accessed or exfiltrated. The investigation indicates a foreign threat actor conducted the attack, but it was not possible to determine who was responsible.

While patient data is not believed to be obtained, it was not possible to rule out unauthorized access. Files encrypted by the ransomware that could potentially have been viewed included the following types of personal and protected health information: Names, dates of birth, social security numbers, addresses, telephone numbers, driver’s license copies, dates of service or hospital admissions, diagnoses and conditions, treatment or procedure notes and orders, imaging studies, medications, and health insurance and claims and billing information.

While it was possible to recover many files from backups without paying the ransom, some patient data remains inaccessible. In addition to the files containing patient information, files essential to a legacy software system were also encrypted and could not be recovered. Rangely District Hospital used a ‘Meditech’ database for storing patient records between August 2012 and August 2017 and the legacy software is required to view patient records in the database. The database itself was not affected by the attack, but without the software, patient records from that 5-year period cannot be accessed. The records of certain patients who received home health services between June 2019 and April 2020 are also still inaccessible. Rangely District Hospital is currently exploring other options for accessing the database.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights shows 6,339 patients were affected by the breach.

Patient Information Potentially Compromised in Electronic Waveform Lab Ransomware Attack

Electronic Waveform Lab, a Huntington Beach, CA-based manufacturer of medical, surgical, ophthalmic, and veterinary instruments, has announced it has suffered a ransomware attack that resulted in the encryption of data on some of its servers.

The affected servers only contained a limited amount of personal and health information of patients such as names, addresses, diagnosis codes, and some treatment information. The forensic experts investigating the ransomware attack were unable to determine whether patient data was accessed or obtained by the attackers prior to data encryption, but the possibility could not be ruled out.

Electronic Waveform Lab had implemented security measures before the attack to protect patient information but, in this instance, they were not sufficient to block the attack. Security measures have now been reviewed and are being enhanced to prevent similar breaches in the future.

Electronic Waveform Lab was able to restore its servers and data. No patient information was lost as a result of the attack.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.