New Jersey Sleep Prescription Experts Experience Ransomware Attack

The New Jersey-based Hackensack Sleep and Pulmonary Center, specialists in sleep illnesses and pulmonary diseases and conditions, have experienced a ransomware attack that led to the PHI of certain patients encrypted. The ransomware attack occurred on September 24, 2017 and led to medical record files encrypted by the virus. The attack was found the following day. As is usual in these attacks, the assailants issued a payment claim, the payment of which was required to obtain the keys to open the encryption.

Hackensack Sleep and Pulmonary Center was equipped for ransomware attacks and had prepared backups of all files, and the copies were stored securely offline. The copies were utilized to recover all encrypted files without paying the ransom.

Although data access is a possibility with ransomware attacks, the purpose of ransomware is generally to make data inaccessible and compel victims to pay for the key to open the encryption. Ransomware attacks usually do not include data theft or data access. Hackensack Sleep and Pulmonary Center has no reason to think this attack was any different. No proof was uncovered to indicate that any data were seen by the assailants or detached from its system.

The types of info encrypted included notes, procedures, patient reports, as well as diagnoses, along with addresses, names, credit card numbers, account information, insurance information, dates of birth, and Social Security numbers.

Hackensack Sleep and Pulmonary Center called in a forensic professional to assist with the inquiry, and recommendations have been obtained on additional security defenses that can be arranged to prevent future cases from occurring. Those suggestions are being considered and extra security measures will be applied to improve security and avoid future attacks.

The case has been reported to the Division of Health and Human Services OCR as well as the New Jersey State Police Cyber Crimes Unit, and also impacted individuals have been informed of the breach by post.

The OCR breach portal shows 16,474 patients have been impacted by the event.