This year has seen a substantial rise in ransomware attacks on healthcare facilities. Throughout the year, cryptovirological operators have hit healthcare establishments in different states. A medical center in Georgia is one of the latest victims of cryptovirological shenanigans. Mind and Motion Development Centers in Georgia has publically revealed that it sustained a ransomware attack in the month of September.
According to the statement issued by the center, the confidential information of more than 16,000 patients including their insurance details and social security numbers got exposed after ransomware infiltrated their servers.
The center immediately reported the attack to the US Department of Health and Human Service. Moreover, it deployed their in-house IT team to carry out ransomware removal and recovery measures. The medical center also hired a compliance consulting firm to ensure that they were dealing with the crisis without violating rules and regulations prescribed by HIPAA.
Many details regarding the attacks are not available yet. For instance, we still don’t know what ransomware script was used in the attack. Similarly, the medical center hasn’t revealed the extortion amount demanded by the attackers to provide the key for ransomware removal.
The security breach report published by the center, however, says that security experts discovered a keylogger and spam emailer installed on the affected servers. Keyloggers are usually used to hack the login credentials of administration accounts and spam is the staple distribution method for spreading ransomware on a wider scale.
The medical center claims that the ransomware attack and data exposure didn’t create any inconvenience for the registered patients of the facility. While Mind and Motion Development Center was reeling from the ransomware attack, cryptovirological operators targeted a North Carolina-based medical center resulting in the compromise of more than 2.5 million patient records.