Patients of the Mayfield Hospital of Cincinnati, OH were sent an electronic mail, in February having a malevolent attachment which transferred an illegal computer software onto their appliances. The record on the HHS’ OCR breach portal shows 23,341 patients were sent the electronic mail, even though it’s not clear how many electronic mail receivers opened the malevolent attachment and infested their computers.
The electronic mail was sent by a person who accessed a database kept by one of Mayfield’s sellers. That seller was hired to release invitations, newsletters, announcements, as well as educational information through electronic mail to website contacts, business associates, event attendees, patients and other associates of Mayfield.
The electronic mails were dispatched on February 23, 2016, and had the topic line “Essential Information: bill 11471.” Starting the enclosed file activated the download of ransomware – illegal computer software that encodes records avoiding them from being retrieved. The sufferers are then informed they should pay a sum to get the key to undo the encryption.
The person who accessed the electronic mail databank was just capable to access electronic mail addresses. No personal information, Social Security numbers, or medical data was accessed. The seller was only provided with a list of electronic mails.
The safety breach was swiftly known letting Mayfield warn several people on the electronic mail list on the same day. Mayfield displayed a safety declaration in a conspicuous position on its website and sent out declarations through social media. An electronic mail update was also transmitted two days later, a press statement was released, and letters were posted to affected persons. The electronic mail account utilized to transmit the malevolent electronic mail has been locked to avoid more access.
The safety breach caused an inquiry and analysis of procedures and policies and Mayfield has worked with its seller to make sure that similar occurrences are avoided in the future.
Mayfield also utilized a computer virus safety facility to decide whether the electronic mail and the attached file had a virus. All receivers of the malevolent electronic mail have now been transmitted a linkage which they can use to copy software to get rid of the ransomware infection.