Share this article on:
GBMC HealthCare in Maryland, Golden Gate Regional Center in California, and Dyras Dental in Michigan have recently suffered ransomware attacks and Allegheny Health Network, AMITA Health, and Bayhealth have announced they have been affected by the ransomware attack on Blackbaud Inc.
Towson, MD-based GBMC HealthCare has announced it suffered a ransomware attack on December 6, 2020 that forced its computer systems offline and the healthcare provider is now operating under EHR downtime procedures while the attack is mitigated. GBMC HealthCare had planned for such an attack and had processes in place to ensure care could continue to be provided to patients while keeping disruption to a minimum.
Safe and effective care continues to be provided to patients and its emergency department did not stop receiving patients; however, some elective procedures scheduled for Monday 7, December were postponed. Efforts are underway to bring systems back online and restore the encrypted data and law enforcement has been notified and is investigating the attack. The Egregor ransomware gang has claimed responsibility for the attack.
Golden Gate Regional Center
Golden Gate Regional Center, a provider of services for individuals with developmental disabilities in Marin, San Francisco, and San Mateo counties in California, identified suspicious activity on its computer systems on September 23, 2020. The investigation revealed the protected health information of 11,315 had been exfiltrated from its computer systems prior to the deployment of ransomware.
Data stolen in the attack was limited to names, GGRC client identification numbers, service codes/descriptions, vendor/service provider names/numbers, month or year of service, and cost information related to the services provided. The investigation did not uncover evidence to suggest any stolen data has been misused. Affected individuals were notified by mail in November and complimentary identity theft protection services have been provided to breach victims.
Dyras Dental in Lansing, MI has experienced a ransomware attack involving Egregor ransomware. An investigation into the attack confirmed that the attackers had access to its network between September 14 and September 24, 2020.
An investigation into the breach was concluded on January 8, 2021 and confirmed patient names were accessed along with one or more of the following types of PHI: Social Security numbers, dates of birth, taxpayer identification numbers, driver’s license numbers, financial account information, credit or debit card information, and/or medical information such as treatment type,
location, patient account numbers, doctor’s names, medical procedure information, prescription information, medical record numbers, and/or health insurance numbers.
Databreaches.net reports that information was obtained by the attackers and a sample of the stolen data was published on the attacker’s leak site. According to Databreaches.net, the dumped data included over 100 files that included insurance billing information, employee W-2 statements, and voicemail recordings containing PHI. Dyras Dental said in its substitute breach notice that it is unaware of any cases of misuse of patient data.
The breach report submitted to the HHS’ Office for Civil Rights shows the PHI of 2,745 individuals was compromised in the attack.
Allegheny Health Network, AMITA Health, and Bayhealth Impacted by Blackbaud Ransomware Attack
Pennsylvania-based Allegheny Health Network, Illinois-based AMITA Health, and Delaware-based Bayhealth have recently announced they have been impacted by the ransomware attack on the software and cloud computing services provider Blackbaud. The healthcare providers used Blackbaud to maintain their fund-raising records and donor databases.
Blackbaud assured the three healthcare providers that no credit card information, bank account information, or social security numbers were compromised in the attack, but some protected health information was stolen by the attackers prior to the deployment of ransomware. Blackbaud paid the ransom demand and received assurances that all stolen data was subsequently destroyed and has not been, and will not be, sold on, published, or misused.
Allegheny Health Network was one of the worst affected clients with the records of 299,507 individuals stolen in the attack. AMITA Health has reported the breach as affecting 261,054 individuals and Bayhealth says 78,006 individuals were affected.
University of Vermont Medical Center Ransomware Attack Cost Could Exceed $63 Million
Ransomware attacks can prove extremely costly. The October 2020 ransomware attack on the University of Vermont Medical Center has reportedly cost more than $1.5 million per day in lost revenue and increased expenses, according to hospital president Stephen Leffler, not including the cost of getting its systems back up and running. The attack occurred on October 28, 2020 and 42 days later losses continue to be experienced. Lost revenue and expenses could exceed $63 million.
The hospital has restored many systems and is operational; however, around 30% of the 600 applications used by the hospital remain out of action and disruption is still being experienced in some areas. Most of the radiology systems have now been restored, although that process has taken around six weeks, cancer treatment capabilities are still not fully restored, sleep studies have not been restarted, and the process of addressing the backlog of postponed appointments and entering handwritten records into its systems is expected to take several more weeks.