Pacific Alliance Medical Center ransomware attack affects 263,000 individuals

Featured image

Share this article

Pacific Alliance Medical Center ransomware attack affects 263,000 individualsPacific Alliance Medical Center (PAMC), a hospital based in Los Angeles, suffered a ransomware attack to its servers in June.

In a media briefing held by the medical firm, PAMC stated that its IT staff were successful in removing the ransomware virus to decrypt the data.

However, officials said that the investigation could not rule out whether patient data was accessed or not.

Unauthorized access to files containing PHI

On June 14th, the hospital discovered its servers were compromised when files began to be encrypted without authorized access. PAMC immediately turned to its emergency incident and recovery procedures and shut down the infected networked computer systems to prevent spreading the virus.

The healthcare provider’s IT team conducted the initial investigation. The investigation revealed that several PAMC computers were impacted in the attack.

Officials have stated that the virus was removed and the data was decrypted. PAMC has also notified the 266,123 affected individuals (with no breach notification delay due to the investigation) and reported the case to the FBI.

However, the notice to the patients did not mention whether PAMC paid the ransom.

RELATED: Anthem Breached Again! 18,500 Members Information Compromised

Unclear whether patient data was viewed or stolen

Officials said the investigation couldn’t rule out whether the patient data were viewed or stolen by the ransomware attack, although the organization didn’t uncover evidence to suggest the data was stolen.

The lack of evidence is not unusual, though, as ransomware attacks typically do not involve stealing data (despite the high black market rate for stolen healthcare data).

The impacted PAMC servers contained identifying personal and medical information such as names, demographic details, social security numbers, birth dates, employment information, insurance details, diagnoses, medical images and more.

Thankfully, no financial information was included.

PAMC officials contacted the FBI, the California Department of Public Health, California Attorney General and the U.S. Department of Health and Human Services Office for Civil Rights.

READ MORE: How to Make Gmail HIPAA Compliant

All patients are being offered two years of free identity theft protection services with Experian Identity Works as retribution for the ransomware attack.

Changes to OCR’s Reporting Requirements

In 2016, the OCR changed its reporting requirements to place burden of proof on providers. Because of this change, Pacific Alliance Medical Center is taking the cautious approach to ransomware breach reporting.

The changes emphasize that providers must determine with certainty that hackers were unable to access data during the ransomware attack.

PAMC’s ransomware attacks serves as a reminder that it’s better to be safe than sorry by having secure cybersecurity measures in place.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022