If you live in the USA, then it is possible that you may receive an email from your local healthcare provider about how your information got encrypted due to a ransomware attack.
Reports are emerging that the Columbia Surgical Specialists in Spokane, Washington has faced a ransomware attack. As a consequence of the attack, it is estimated that PHI (protected health information) of up to 400,000 patients have been threatened!
On 18th February 2019, the Department of Health and Human Services’ Office for Civil Rights received the news of this breach. The report mentioned about a hacking incident in which the network server was breached.
Interestingly, the notice for this breach has not been updated on the website of the affected party. According to the HIPAA Journal, the attack was carried out in the beginning of the year on 7th January 2019.
So far, it has been suggested that the ransomware removal and recovery processes have been swift which has allowed the healthcare provider to recover its files. Moreover, they did not pay any ransom to the perpetrators. It is expected that the patients will soon be informed of the security breach.
Meanwhile, Mclaren Health Care in Grand Blanc (MI), Health Alliance Plan in Detroit (MI), and the Mary Free Bed Rehabilitation Hospital (MI) were among those healthcare institutions which reported that a ransomware attack breached their patient records. All of these attacks are linked to a common source: the WSG (Wolverine Solutions Group)—a billing services provider which offers services to healthcare institutions.
Last year, WSG was infected with a ransomware attack in September. As a result, the data of the organization was encrypted. Afterward, it was revealed that the attack spread to 700 of its clients—some of which are mentioned above. Overall, the data of 1.2 million patients was compromised as the investigations revealed it to be one of the most severe cyberattacks in the North American healthcare industry. The actual scale of the attack was not realized in the beginning.
In the subsequent months, several of the WSG clients received notifications of the ransomware attack. While the WSG tried its best to minimize the attack, they only began to send notifications in November—two months after the attack. As a consequence, many of their clients were left bewildered in the frenzy and could not carry out an effective ransomware removal strategy.
A spokesperson from the WSG has stated that according to their investigations, the actual reason of the attack was to extort ransom through blackmailing. In order to provide relief to the client, the WSG has publicly presented the opportunity to avail credit monitoring (12 months).