Delaware Guidance Services for Children and Youth Ransomware Attack Affects 50,000 Patients

Delaware Guidance Services for Children and Youth (DGS) is notifying 50,000 individuals of a recent ransomware attack that saw the facility pay ‘thousands’ to the hackers.

The hackers launched the ransomware attack on Christmas Day, 2019. DGS, based in Wilmington, has not publicly revealed the sum of money paid to the hackers to unlock the files on its data servers. The hackers sent the decryption keys to DSG once they received the ransom payment.

Ransomware is malware variant which denies the user access to their device, or individual files on the device until a ransom has been paid to the scammer. Ransomware attacks are becoming increasingly common, particularly against organisations in the healthcare industry due to the high black-market of healthcare data. The malware is even available on the dark web. If a campaign were successful, it would prove a lucrative endeavour for the hacker with minimal effort on their part. The hacker often delivers malware through targeted phishing attacks.

DSG contracted a third-party IT cybersecurity company to conduct a forensic analysis of the ransomware attack. The investigators did not find evidence that the hacker accessed sensitive information before encrypting files, or that any of the files had been further compromised or stolen. The hacker’s sole motive appears to have been to extort money from DGS.

Following HIPAA’s Breach Notification Rule, DGS started sending notification letters to the parents and guardians of the affected children on February 26, 2019.

The investigators determined that the compromised files included names, addresses, birth dates, medical information, and Social Security numbers.

DSG has offered all affected individuals 12 months of complimentary credit monitoring services through MyIDCare.

DSG reported the ransomware attack to law enforcement and the Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR breach summary indicates that the PHI of up to 50,000 individuals was potentially compromised in the attack.