Premier Family Medicine is in the process of notifying 320,000 individuals that their protected health information may have been compromised following a cybersecurity incident.
The physician group, based in Utah, discovered the incident on July 8. An unauthorised individual had gained access to Premier Family Medicine’s network and launched a ransomware attack. The attacker blocked user access to patient information and other vital systems.
Premier Family Medicine immediately launched an attempt to regain access to their network and contracted a third-party cybersecurity organisation to assist with the breach response.
Premier Family Medicine also informed law enforcement of the incident.
According to the breach report dated August 30 on their website, the breach affected all ten of Premier Family Medicine’s branches.
The breach report did not provide any clarification on how Premier Family Medicine regained access to their data. It is possible that the data could have been restored from backups with the help of the third-party consultants. If this was not possible, then it is likely that the organisation paid whatever ransom was demanded of them to unlock their data and restore their services.
“Even though our investigation has found no reason to believe patient information was accessed or taken, we are very concerned that this event even occurred and have taken steps to further enhance the security of our systems,” said Premier Family Medicine chief administrator, Robert Edwards.
Although it appears unlikely that the attack exfiltrated or altered any patient information, the possibility could not be ruled out definitively, and therefore Premier Family Medicine deemed it pertinent to inform 320,000 patients that the incident may have compromised their data.
No mention was made of how the attacker first gained access to the network; it is highly likely that one of the members of staff clicked on a phishing email and accidentally downloaded and ran the malware on their device. If this were the case, this incident highlights the importance of adequate cybersecurity training for all staff. Only one mistake made by a single individual is enough to bring down an entire system. Senior managers should take steps to ensure that employees are trained to spot and deal with phishing emails appropriately.