HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Shingle Springs Health and Wellness Center Ransomware Attack Impacts 21,000 Patients

Shingle Springs Health and Wellness Center (SSHWC) in Placerville, CA, is notifying 21,513 patients that protected health information (PHI) was potentially compromised as a result of a recent ransomware attack.

SSHWC learned on April 7, 2019 that its server infrastructure had been compromised and ransomware had been deployed. As a result of the attack, all computer systems were rendered inoperable and access to patient data and essential files was blocked.

An investigation was immediately launched and the cyberattack was reported to the Federal Bureau of Investigation and the Indian Health Service. SSHWC has now installed new servers and is fast-tracking system upgrades and workstation updates across all departments.

The ransomware attack is believed to have been conducted to extort money from SSHWC; however, files containing PHI were involved in the breach and could potentially have been compromised. Those files contained names, addresses, telephone numbers, Social Security numbers, health insurance information, provider names, dates of service, amount paid or owed, and diagnosis codes.

Please see the HIPAA Journal Privacy Policy

SSHWC is offering all affected patients 12 months of complimentary credit monitoring services.

This is the third major healthcare ransomware attack to have been reported in the past few days. Estes Park Health experienced a ransomware attack on June 2, 2019, which prevented computer systems and patient data from being accessed. An undisclosed ransom was paid for the keys to decrypt files, but some files remained locked. The attackers demanded further payment to unlock the remaining files.

Boardman, OH-based N.E.O Urology has also recently announced it has suffered a ransomware attack. The decision was taken to pay the $75,000 ransom and all files have now been recovered.

These are just three of several ransomware attacks to have been reported by healthcare organizations in the past two months. As a recent report from Malwarebytes confirms, ransomware is proving popular with hackers once again. In Q1, 2019, ransomware attacks increased by 195% and healthcare organizations accounted for a large percentage of those attacks.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.