Sagewood Retirement Community Attacked with Ransomware
Sagewood, a retirement community in Phoenix, AZ, has notified 800 current and former residents about a ransomware attack that has potentially resulted in some of their electronic protected health information (ePHI) being accessed by the attackers.
Sagewood enlisted the services of a computer forensics firm to investigate the attack. According to the substitute breach notice on the Sagewood website, the attack was short-lived. It was possible to isolate and contain the infection within an hour of it being discovered.
Since it is possible that access to ePHI was gained, the incident has been reported to the Department of Health and Human Services’ Office for Civil Rights in accordance with HIPAA Rules. Patients have also been notified of the incident by mail if they have been affected.
Ransomware locks files with powerful encryption which prevents the victims from gaining access to their data. After files are locked, the victims are presented with a ransom demand. Payment must be made in order to receive the key to unlock the encryption.
3 Steps To HIPAA Compliance
Please see HIPAA Journal
- Step 1 : Download Checklist.
- Step 2 : Review Your Business.
- Step 3 : Get Compliant!
The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.
Ransomware could also potentially give the attackers access to sensitive data, although typically the attacks are performed only to obtain ransom payments. However, in this case, files were locked but no ransom demand was received.
It is unclear whether the ransomware variant used in the attack failed, or if the attackers had other reasons for locking data.
It is possible that data access was gained and patients’ names, phone numbers, addresses, dates of birth, Medicare numbers, Social Security numbers, and other national ID numbers could potentially have been viewed.
Based on the short time period when data could have been accessed – and the lack of a ransom demand – “Sagewood does not believe that the attack was performed in order to gain access to a “hacker” was looking to compromise or misuse identities or personal information.”
Current and former residents impacted by the incident have been informed to be vigilant nonetheless and monitor payment card statements for any sign of fraudulent activity and to consider placing a fraud alert on their credit cards.
The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 863 individuals were potentially impacted by the breach.