Sagewood Retirement Community Attacked with Ransomware
Sagewood, a retirement community in Phoenix, AZ, has notified 800 current and former residents about a ransomware attack that has potentially resulted in some of their electronic protected health information (ePHI) being accessed by the attackers.
Sagewood enlisted the services of a computer forensics firm to investigate the attack. According to the substitute breach notice on the Sagewood website, the attack was short-lived. It was possible to isolate and contain the infection within an hour of it being discovered.
Since it is possible that access to ePHI was gained, the incident has been reported to the Department of Health and Human Services’ Office for Civil Rights in accordance with HIPAA Rules. Patients have also been notified of the incident by mail if they have been affected.
Ransomware locks files with powerful encryption which prevents the victims from gaining access to their data. After files are locked, the victims are presented with a ransom demand. Payment must be made in order to receive the key to unlock the encryption.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Ransomware could also potentially give the attackers access to sensitive data, although typically the attacks are performed only to obtain ransom payments. However, in this case, files were locked but no ransom demand was received.
It is unclear whether the ransomware variant used in the attack failed, or if the attackers had other reasons for locking data.
It is possible that data access was gained and patients’ names, phone numbers, addresses, dates of birth, Medicare numbers, Social Security numbers, and other national ID numbers could potentially have been viewed.
Based on the short time period when data could have been accessed – and the lack of a ransom demand – “Sagewood does not believe that the attack was performed in order to gain access to a “hacker” was looking to compromise or misuse identities or personal information.”
Current and former residents impacted by the incident have been informed to be vigilant nonetheless and monitor payment card statements for any sign of fraudulent activity and to consider placing a fraud alert on their credit cards.
The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 863 individuals were potentially impacted by the breach.
