Health Management Concepts is a private healthcare service provider operating for decades. The company renders its clinical and other healthcare services in several states. Last month, the IT department of the organization identified a ransomware activity on the network targeting a server, which was used to share information with clients.
Instead of commencing its own ransomware removal activities, HMC paid the ransom money to obtain the decryption key from the attackers. The organization hasn’t declared the amount of money paid to the attackers. It is important to note that the company succeeded in decrypting the locked down files without affecting its day-to-day healthcare management services.
However, three days after the attack, the company found out that it had mistakenly provided a file to the attackers containing confidential patient information. The file contains the names, health insurance plans and social security numbers of the members of IBU, one of the clients of HMC.
HMC immediately notified the IBU and regulators about this unintentional data breach. HMC management is still trying to figure out how a client file was sent to the attackers. Ransomware removal experts think that the file might be sent by the organization’s IT guys before the payment of ransom to verify that the decryption key is valid.
After the attack, HMC has started to work on streamlining its digital security. The company is setting up an all-new backup on a different cloud storage service. Moreover, the access to company servers through Remote Desktop Protocols has also been prohibited in the newly devised security policy.
The episode of HMC ransomware attack vindicates the position of law enforcement bodies and security experts that ransomware victims should not resort to ransom payments. An in-house ransomware removal measure by the organization would have prevented this inadvertent breach of confidential client data.