Altus Hospital Baytown Experiences Dharma Ransomware Attack

November 12, 2018


Altus Hospital in Baytown, TX, has suffered a ransomware attack that led to the encryption of several hospital files.

The electronic medical record system was unaffected, although some of the encrypted files contained patients’ protected health information (PHI), including names, credit card information, Social Security numbers, birth dates, contact telephone numbers, home addresses, driver’s license numbers, and medical information.

The attack was discovered on September 3, 2018. Altus Hospital received a ransom demand; however, with the help of a third-party safety advisor, it was able to restore all affected files from backups.

The investigator determined that the attacker gained access to the hospital’s servers before deploying a Dharma ransomware variant. Altus Hospital believes the sole purpose of the attack was to extract money from the hospital. Access to or theft of patient information is not believed to have occurred.

Although the attack was restricted to the Baytown hospital's servers, some of the information stored on those servers came from the following affiliated units: Altus Women’s Center of Baytown, LP, Clarus Imaging (Baytown), Oprex Surgery (Baytown), LP, Clarus Imaging (Beaumont), LP, Altus Radiation Oncology Baytown, LP, and Zerenity Baytown, LP.

Altus Hospital has engaged external risk and safety experts who are helping to improve the hospital’s cybersecurity safeguards.

PHI of 2,393 Patients of Southwest Washington Regional Surgery Center Compromised

Southwest Washington Regional Surgery Center has discovered that an unauthorized individual gained access to the email account of one of its workers as a result of a phishing attack.

The email account was breached on May 27, 2018, and access continued until August 13, 2018. After an extensive forensic investigation of the breach and a manual review of all emails in the compromised account, Southwest Washington Regional Surgery Center determined on September 25 that the email account contained the protected health information of 2,393 of its patients.

The kinds of information that may have been retrieved varied from patient to patient and may have included names, prescribed medications, details of surgical procedures performed, treatment information, diagnoses, Social Security numbers, driver’s license numbers, lab test results, and health insurance information. Some patients’ credit card numbers may also have been compromised.

Credit checking and identity theft restoration services are being offered to all patients whose Social Security number or driver’s license number was possibly retrieved by the attacker.

Southwest Washington Regional Surgery Center has updated passwords and improved email access procedures to prevent further phishing attacks.