Ransomware attack breaches 300,000 patient records

Featured image

Share this article

paubox ransomwareThe Women’s Health Care Group of Pennsylvania, with 45 offices throughout the state, has notified 300,000 of its patients that a ransomware attack has put their personal health information at risk for theft.

On May 16, 2017, the healthcare system discovered the infected server and workstation at one of its practices. Officials said the infected server and workstation were removed from the network, where officials then launched an investigation by a computer forensics team.

The investigation revealed the cybercriminals began hacking the system as early as January 2017 through a security vulnerability.

Officials stated that the security flaw allowed limited access to patient information before it encrypted certain files.

The health system couldn’t determine if patient information had been acquired or viewed.

The data stolen by external hackers included names, Social Security numbers, birth dates, pregnancy histories, blood type information, lab results, medical record numbers, insurance information and medical diagnoses.

RELATED: 3 Insider Threats You Need to Plan For

Officials said the encrypted files were restored from a back-up server and did not disrupt patient care. However, with the stolen personal information, the criminals can easily create false IDs, insurance fraud, or simply sell it off on the dark web.

The health system has also filed a report with the FBI.

Given the sensitivity of the data and how valuable it is, Women’s Health Care Group did the right things once they found out about the data breach.

However, the efforts of the health group was unfortunately not enough nor in time.

READ MORE: Our Thoughts on Petya and Future Ransomware Variants

This incident serves as another reminder for the importance of a comprehensive internal review and teaching your team best information security practices.

Healthcare organizations need to take every effort to prevent security breaches at all costs.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022