A ransomware attack at Imperial Health has compromised the protected health information of more than 116,000 patients.
On May 19, 2019, Imperial Health, a physicians’ network in Southwest Louisiana, discovered that an unauthorized party had installed ransomware onto the network, encrypting files and a database used by the Imperial Health’s Center for Orthopaedics (CFO).
Ransomware is malware variant which blocks access devices, files, or databases until a ransom has been paid to the hacker. Ransomware attacks are becoming increasingly common, particularly against organizations in the healthcare industry due to the high black-market of healthcare data. Hackers often use phishing campaigns to deliver malware to devices.
An investigation was immediately launched to determine the scope and potential consequences of the breach. Investigators concluded that the database contained the protected health information of 116,262 patients.
An official statement from Imperial Health said that the network did not pay a ransom to the hacker and was able to remove the malware from their systems and restore the data from backups.
Investigators did not uncover any evidence to suggest that patient data had been accessed or stolen during the breach, but the possibility of PHI being compromised could not be eliminated. Imperial Health decided to issue breach notification letters to affected patients to allow them to inform them of the incident and take steps to protect themselves from harm.
The information stored in the database pertained to patients who had previously received medical services at CFO. The information varied from patient to patient and may have included name, address, telephone number, birth date, Social Security number, medical record number, diagnoses, treatment information, medications, dates of service, treating physician, and other clinical information.
Imperial Health has reported to law enforcement, and the organization is assisting with the investigation. Imperial Health has implemented new anti-virus software has now been deployed to better deal with the threat from malware and ransomware in the future.
The incident has been reported to HHS’ Office for Civil Rights’, and a breach report has appeared on the breach portal.
It is unknown how the ransomware was installed on Imperial Health’s networks, although it is likely that the hacker used a phishing attack to trick an employee into downloading the malware. Although Imperial Health has stated that they aim to improve their cybersecurity system by installing new anti-virus software, they have made no comment on whether they are taking steps to ensure employees are thoroughly trained on cybersecurity issues such as spotting and dealing with phishing emails.