Ransomware Attacks Informed by Healthcare Suppliers in Illinois and Rhode Island

Dec 7, 2018


A roundup of latest healthcare ransomware attacks, secrecy breaches, and security incidents that have been publicized in the past few days.

Center for Vitreo-Retinal Diseases Ransomware Attack Affects 20,371 Patients

The Center for Vitreo-Retinal Diseases in Libertyville, IL, suffered a ransomware attack that led to the encryption of data on its servers. The attack was noticed on September 18, 2018. The inquiry into the breach indicates the attacker might have gained access to the protected health information of 20,371 patients that was saved on the affected servers.

The attack seemed to have been carried out with the purpose of extracting money from the practice. Although it is possible that patient information was accessed by the attacker, no proof of illegal data access, data theft, or abuse of patient information has been found.

The information that was possibly undermined included names, health insurance information, birth dates, telephone numbers, addresses, health data, and the Social Security numbers of Medicare patients.

The Center for Vitreo-Retinal Diseases has since studied its safety protections and has taken steps to avoid similar safety breaches from happening in the future.

Rhode Island Health Center Experiences Ransomware Attack

Woonsocket, RI-based Thundermist Medical Center suffered a ransomware attack on the evening of Thursday, November 28 which took some of its computer systems out of action. Fast action was taken to safeguard patient information and unaffected systems were secluded to avoid extensive file encryption.

The health center applied its emergency procedures and was able to carry on providing medical facilities. There was minimal effect on patients even though certain appointments were annulled out of safety concerns because of the inability to access medical files. Thundermist Medical Center doesn’t think any patient information was undermined in the attack.

Mailing Mistake by Seller of OrthoTexas Doctors and Surgeons Caused Patient Name Disclosure

OrthoTexas Doctors and Surgeons, a network of orthopedic and sports medicine practices in Texas, has found a mistake was made on an October 5, 2018 mass mailing which led to the unintentional disclosure of patient information to other patients.

The letters were notices that a doctor had joined the practice and would be treating patients at its services in Frisco and Plano. The letters, which were erroneously dated August 27, 2018, were placed in wrong envelopes by the practice’s mailing seller.

The mailing was sent to 2,172 patients and led to the name of one patient being disclosed to another patient. No other patient information was incorporated in the mailing.

San Mateo Medical Center Discovers Improper Disposal of 500 Patients’ PHI

San Mateo Medical Center in Daly City, CA, has found the medical files of up to 500 patients have been unintentionally exposed as a consequence of a wrong disposal occurrence.

The paper records had been left during the night in a box under a worker’s desk and provisional cleaning staff misidentified the box for recycling and disposed of the documents in a recycling container that was only planned to be used for non-confidential paperwork. San Mateo Medical Center has separate recycling boxes for paperwork having secret information which is sent for destroying before removal.

The paperwork relates to patients who visited its Daly City service on November 5-6 inclusive. As the documents have not been recovered it was not possible to tell precisely which patients have been impacted, and neither the precise information that was recorded on the documents.

San Mateo Medical Center thinks the patients impacted by the occurrence have had the following information disclosed: Name, gender, patient account number, age, service date, medical record number, birth date, provider or resource name, and insurance code.

San Mateo Medical Center has reinforced its plans on the correct method to dispose of confidential information and the Daly City clinic manager has ordered staff not to leave secret information out during the night and to place secret documents in shredding containers immediately when they are no more required.