Minnesota Ransomware Attack Affects Over 6,500 Patients

May 26, 2018


Associates in Psychiatry and Psychology (APP), a health business based in Rochester, Minnesota, has suffered a ransomware attack that targeted numerous computers storing patients' protected health information.

The ransomware attack was discovered on March 31, 2018. Patient information held on the impacted computers was not in a “human-readable” format, and no evidence was found to indicate that any PHI was obtained or copied by the hackers.

As data access could not be ruled out with 100% confidence, all patients whose data were stored on the targeted devices have been notified of the security breach. The kinds of data possibly obtained included names, Social Security numbers, addresses, birth dates, insurance details and treatment histories.

APP moved quickly when the attack was detected and took its systems offline to halt the spread of the ransomware and limit the possibility of further data encryption and data theft. APP’s systems remained offline for a further four days while the attack was investigated.

APP said that the attack is believed to have started between the evening of Friday, March 30 and the morning of Saturday, March 31. The type of ransomware used in the attack was “Triple-M.” APP explained that this variant of ransomware uses RSA-2048 encryption and very long keys to encrypt data. The system repair function was also switched off, and the hackers reformatted the network storage appliance that was used to keep backups.

APP’s IT Director, Steve Patton, told databreaches.net that the ransom was paid because files could not be restored from backups due to the measures taken by the hackers. Initially, a ransom demand of 4 Bitcoin was issued, about $30,000, although the practice managed to negotiate with the attackers and paid 0.5 BTC (approx. $3,758) for the keys to recover the encrypted data.

All systems and data have now been brought back online, additional layers of security and encryption have been adopted, and APP’s remote access policies have been updated.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR) disclosed that 6,546 patients were possibly affected. APP notes that there was clear evidence that PHI was not retrieved by the hackers; nevertheless, as a precautionary measure, APP has advised affected patients to monitor their credit reports closely for any sign of fraudulent use of their confidential information.