Analecta Cyber Company Blog: July 2016


Another Ransomware Attack Affecting 6,800 Patients

An allergy clinic in Colorado shut down its server when evidence of ransomware surfaced in its computer systems. According to the Office of Civil Rights (OCR) data breach reporting tool, this recent ransomware attack affected 6,851 patients.

On May 16, 2016, Colorado-based Allergy, Asthma & Immunology of the Rockies, P.C. (AAIR) discovered ransomware on a healthcare information system. The ransomware was first detected when the practice had difficulty accessing some files on the system.


4,300 Patient Records Breached at Mass. General Partner

The protected health information (PHI) of about 4,300 patients was compromised at the Massachusetts General Hospital in a recent security breach of a third-party vendor.

The hospital apologized in a letter dated June 29 and published on its website, reiterating its commitment to the security and confidentiality of its patient information.


CIMA DocuClass Healthcare Solution Vulnerable to Data Extraction

Earlier today Karn Ganeshen released details of several exploits that allow an attacker to bypass authentication and extract ePHI records stored in the CIMA DocuClass storage system used by many healthcare providers.

Specifically, an access control flaw allows an attacker to easily access any records stored in the system without requiring a user logon.

Other exploits were also identified; however, the unauthenticated access poses the most immediate threat at this time.

WARNING: If you are using the CIMA DocuClass solution and it is publicly accessible, we recommend you immediately disconnect the system from any network and investigate recent access audit logs.

We have attempted to contact CIMA for information about a patch but have not heard back yet.

Updated 16 July, 2016

The vendor, CIMA, has not returned any calls or emails requesting further information.

Recommended Response

1. Restrict any DocuClass system you are operating to internal access only.
2. Increase logging and monitoring of the system.
3. Plan a transition from DocuClass to a comparable technical solution.
4. Implement the new technical solution.

Analecta is able to provide assistance with technical logging and monitoring of the CIMA DocuClass system to assist you in protecting critical ePHI during your transition to a new solution. Contact us at

The original researcher provided the following link:
More information about the series of exploits can be found here: