PHI of 750,000 Oregon Anesthesiology Patients Restored After the Ransomware Attack

On July 11, 2021, the Oregon Anesthesiology Group learned that it had suffered a ransomware attack in which files on its systems were encrypted and access to its servers and patient information was blocked.

After the attack, its IT infrastructure was rebuilt and offline data backups were used to quickly restore the affected files. A digital forensics firm was engaged to investigate the breach and established that patient and employee details were exposed. The affected sections of its network held files containing names, addresses, medical record numbers, diagnosis, dates of service, procedure descriptions and codes, insurance company names, and insurance identification numbers. Employee data potentially compromised in the attack included names, addresses, Social Security numbers, and other information contained in W-2 forms.

The forensic investigation showed that once the hackers had gained access to its system, they data-mined the administrator's credentials, which gave them access to encrypted information on its network. The FBI advised Oregon Anesthesiology Group that the hackers most likely exploited a vulnerability in its third-party firewall to gain access to its system.

In response to the breach, the group replaced the firewall, expanded its use of multi-factor authentication, tightened its network access control policies, and engaged a third-party vendor to provide 24-hour live security monitoring and assistance with security system design, improved data and network segregation, and increased use of a cloud-based system.

Oregon Anesthesiology Group sent notification letters to roughly 750,000 people and 522 current and former personnel. Although no evidence of attempted or actual misuse of patient data was identified, the group offered identity theft protection and credit monitoring services to affected individuals, along with identity theft insurance coverage.

Restoring stolen data normally requires paying a ransom. In this instance, however, the ransom was not paid. On October 21, 2021, the FBI notified the Oregon Anesthesiology Group that it had seized “an account owned by HelloKitty, a Ukrainian hacking gang, which comprised OAG patient and worker files.” It is not clear whether the seized account held the sole copy of the stolen information.


Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.