Analecta Cyber Company Blog: Another Ransomware Attack Affecting 6,800 Patients

2016-07-28


An allergy clinic in Colorado shut down its server when evidence of ransomware surfaced in its computer systems. According to the Office of Civil Rights (OCR) data breach reporting tool, this recent ransomware attack affected 6,851 patients.

On May 16, 2016, Colorado-based Allergy, Asthma & Immunology of the Rockies, P.C. (AAIR) discovered ransomware on a healthcare information system. The ransomware was first detected when the practice experienced difficulty accessing some files on the system.




Analysis of the incident identified a draft of a ransom message, leading analysts to believe the ransomware was an incomplete work-in-progress.



AAIR worked with cyber forensic specialists and local law enforcement to conduct a more thorough investigation. Following the incident, its IT specialists recommended replacing the hard drives instead of cleaning them. Additionally, they have updated and reconfigured firewall settings and changed passwords. Fortunately, a backup of the AAIR system was made prior to the ransomware incident.

Immediately after discovering the ransomware, AAIR shut down its server and promptly contacted a forensic IT company. Although AAIR could not specify what type of data may have been compromised, the system reportedly contains PHI, which includes Social Security numbers and medical test results.

A successful ransomware attack could cripple the normal operation of any healthcare organization. Ransomware is a type of malware that locks down critical parts of an organization's computer system. To regain full access to the system, the victim is told to pay a ransom, usually in bitcoins. In 2016, there have already been several cases of [ransomware attacks in healthcare](http://blog.analecta-llc.com/2016/04/desert-valley-hospital-hit-with.html).

Learn how to stop ransomware in its tracks.