After the ransomware attack on Colonial Pipeline, several ransomware groups, for example REvil and Avaddon, stated that they had put in place new policies requiring their affiliates to get consent before attacking an entity, and that attacks on medical care institutions had been forbidden. However, a number of ransomware-as-a-service operations have not applied such constraints, and healthcare companies can still be targeted. Recently, a few healthcare companies were confirmed as having experienced attacks.
San Diego Family Care
San Diego Family Care (SDFC), based in California, has affirmed that it suffered the effects of a ransomware attack in December 2020. SDFC and its business associate Health Center Partners of Southern California (HCP) were affected by a ransomware attack on their IT hosting company. It was reported that Netgain Technologies spent $2.3 million on a ransom payment to acquire the keys to decrypt the encrypted data files. It advised SDFC and HCP on January 20, 2021 of the exposure of the protected health information (PHI) of their patients.
SDFC and HCP were furnished with a copy of the affected information and carried out an audit to find out which persons had been impacted and the types of data affected. The assessment was concluded on April 11, 2021 and, to date, 125,500 patients have been identified as impacted.
SDFC mentioned in its substitute breach notice that these types of information were affected: Names, Social Security numbers, government identification numbers, financial account numbers, dates of birth, health diagnosis or treatment data, health insurance data, and/or client IDs. Impacted people received notification letters via mail on May 7, 2021.
Prestige Medical Group
Internal Medicine Associates of Jasper, PC in Georgia, dba Prestige Medical Group, has reported to the HHS’ Office for Civil Rights that it suffered a ransomware attack that affected 34,203 patients.
The Avaddon ransomware gang launched the attack, although it had earlier stated that it was halting attacks by affiliates on the healthcare industry. The attackers stated they had exfiltrated data of patients and employees before file encryption, and they published a sample of the information stolen during the attack on their leak website because the medical practice wasn’t cooperative. The attackers stated that they have information regarding the clients’ diseases, confidential cards, a variety of information, many opinions and reports from physicians, agreements and contracts, financial data, details about workers, and personal information of workers.
SAC Health Systems
SAC Health Systems, located in San Bernardino, CA, was likewise affected by a ransomware attack on its now former IT service company, Netgain Technologies. SAC Health Systems was informed by Netgain Technologies on January 15, 2021 about the ransomware gang's attack on its servers that contain patient information from November 15, 2020 to November 22, 2020.
SAC Health Systems affirmed on April 20, 2021 that the attack affected 28,128 people. The types of records breached included names, birth dates, addresses, driver’s license numbers, Social Security numbers, state identification numbers, tax IDs, financial account details, medical backgrounds, electronic signatures, medical insurance data, medical record numbers, physician names, prescription details, and reason for absence. All impacted persons are currently being alerted.