The Ottawa-based East Central Kansas Area Agency on Aging (ECKAAA) has faced a ransomware attack which has led to the encryption of documents on one of the organization’s computer networks. Those documents had the safeguarded health information of 8,750 sick persons.
The attack happened on September 5, 2017, and was instantly known by ECKAAA, which took swift action to restrict the distribution of the contagion. As a consequence, just parts of the computer network had documents encrypted. Those documents were found to contain names, Social Security numbers, addresses, telephone numbers, birthdates, and Medicaid numbers.
ECKAAA appointed a cybersecurity company to help with the inquiry and find out the real level and type of the attack. The inquiry disclosed the ransomware type utilized was a variety of Dharma/Crysis – a ransomware variety known to encrypt documents stowed locally, on mapped computer network drives, as well as unmapped network shares. Dharma/Crysis ransomware additionally erases ghost volume duplicates to obstruct retrieval.
Although the inquiry revealed no proof of exfiltration of documents, the probability of data access as well as data theft couldn’t be excluded. ECKAAA informs that even though not all documents on the computer network were encrypted, the assailants possibly had access to all documents saved on the computer networks.
Prior to the ransomware attack, ECKAAA had applied safeguards to defend against malware attacks and to make sure documents might be retrieved in the aftermath of a disaster. As a result, it was possible to regain all the encrypted documents without reimbursing the ransom.
As the defenses in place weren’t enough to prevent the ransomware attack on this incident, ECKAAA has applied many new ways to improve safety. Those ways contain the usage of CrowdAttack sophisticated malware agents as well as payment to Cisco Umbrella Insights to upgrade safety checking.
Extra training has also been provided to staff to upgrade consciousness of the danger from ransomware, a complete password change has happened, and staff has been retold about the significance of choosing strong passwords. An analysis of procedures and policies is also going on and they will be informed accordingly to decrease the danger of future attacks happening.
ECKAAA carried out a completely HIPAA-compliant breach response. The event was informed to the Division of Health and Human Services’ OCR, an additional breach notification was placed conspicuously on the ECKAAA website, and mass media reports were presented to famous newspapers serving each of the 5 counties where the organization operates. All people have now been alerted to the possible breach of their PHI by post.