On September 13, 2018, the National Ambulatory Hernia Institute in California suffered a ransomware attack that led to certain files on its system being encrypted.
According to the breach notice posted on the healthcare provider’s website, the attackers may have been able to gain access to demographic data of patients recorded before July 19, 2018.
Altogether, 15,974 patients have had some of their protected health information (PHI) disclosed as a consequence of the attack. The information possibly retrieved by the attackers was limited to names, diagnoses, birth dates, addresses, appointment dates and times, and Social Security numbers. Patients who visited National Ambulatory Hernia Institute services for the first time after July 19, 2018 were unaffected by the breach.
Because of the sensitive nature of the disclosed information, the National Ambulatory Hernia Institute has advised affected patients to sign up for identity monitoring services for a period of at least one year. The breach notice doesn’t state whether those services are being provided to patients free of charge.
The National Ambulatory Hernia Institute stated that all data have now been moved to an off-site server and that additional controls have been purchased and implemented to prevent further attacks, including a stronger firewall and antivirus software. The investigation into the breach is continuing.
The National Ambulatory Hernia Institute didn’t state what kind of ransomware was used in the attack, only that “the attack was tied to an electronic mail address firstname.lastname@example.org.”
That email address has previously been associated with a variant of CrySiS/Dharma ransomware named gamma. Gamma ransom amounts are not fixed and are not stated in the ransom notes. Victims must email the attackers to find out how much they will charge for the keys to unlock files. No mention was made of whether the ransom was paid to recover access to data.