Investigation into Ransomware Infection Affecting 19,000 People

One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost nineteen thousand beneficiaries of employer-paid health plans at risk.

The attack happened on the 5th of August 2016 at Highmark BCBS subcontractor Summit Reinsurance Services; however, affected individuals were only notified of the incident in January 2017. Highmark BlueCross BlueShield of Delaware has launched an investigation into the ransomware attack, which has confirmed that sixteen present and former self-insured customers were impacted.

Although SummitRe was first alerted that its systems had been compromised by the presence of the ransomware infection itself, an investigation into the attack discovered that SummitRe’s systems had first been accessed by unauthorised persons approximately 5 months earlier, on the 12th of March 2016. It seems probable that the attacker installed ransomware on SummitRe’s systems at that time in an effort to extort money after access to its systems was no longer needed. Although a large number of ransomware attacks are completely random, on some occasions hackers have installed ransomware on compromised systems when they have no more use for access to them.

The breach investigation has not yet concluded. That said, SummitRe has been able to confirm that patients’ full names, medical record numbers, Social Security details, health insurance policy information, and medical information connected to insurance claims may all have been accessed by the attackers. Affected patients have been offered one year’s worth of complimentary credit monitoring together with identity theft protection services. Thankfully, no evidence of any misuse of health plan members’ data has yet been found in the SummitRe investigation.

There was a significant rise in ransomware attacks on healthcare organizations during 2016. Data security specialists have forecast that 2017 will witness even more attacks. Although healthcare organizations are taking steps to secure their data and systems in the face of attacks, ransomware criminals continue to develop new ransomware and more complex variants that have the capability to bypass even complex defence systems.

Some hackers have also been stealing, or wiping, databases in order to demand ransom payments for the safe return of the data concerned. Such attacks do not employ any form of malicious software. In these cases, vulnerabilities in the attacked systems are exploited in order to access data. As was the case in the recent attacks against MongoDB databases, attackers do not always take copies of the data. They may simply delete databases and then demand a ransom payment to return the data, even though they do not have the intention – or indeed the capability – of doing so.

Frequent backups of data should be made by all businesses. Moreover, those backups should be securely stored in locations where hackers cannot possibly access them.