Ransomware attack may expose data of 55,000 paediatric patients

6 April 2017
ABCD Children’s Paediatrics suffered a ransomware attack in which the data of 55,447 patients, including their protected health information, was exposed. The attackers may also have gained access to data stored on the healthcare provider’s servers before the ransomware was deployed.
Investigators found that the attackers used the Dharma ransomware, a variant of the CrySiS family. Although this strain does not usually exfiltrate data, the provider was unable to rule that out.

Compromised data includes patient names

The information potentially compromised included patient names, addresses and telephone numbers, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes and demographic data. Affected patients are being offered one year of credit monitoring and identity theft protection services via Equifax Personal Solutions. Patients can call at any time with questions or concerns.

Further investigation

The encryption process was hampered by the antivirus solution ABCD Paediatrics uses. The IT team at ABCD isolated the affected servers and removed the ransomware, and was able to restore all affected data from backups. No evidence was found that data had been accessed or exfiltrated, but the company was not able to rule it out completely.

ABCD is still assessing its physical security and cybersecurity; its security controls have already been modified to prevent a recurrence. The paediatric centre alerted the FBI for further investigation and also contacted the U.S. Department of Health and Human Services. It began notifying parents on March 23.

Suspicious user logs

Although, according to officials, no confidential data was lost, ABCD remains concerned. It discovered suspicious entries in user logs, thought to be evidence of intruders on the network, indicating that programs or persons may have been on the server for a limited period before the ransomware was installed. The organisation never received a ransom note from the attackers, nor did the attackers make contact by any other means.

ABCD Paediatrics had a number of security defences in place, including but not limited to network filtering and security monitoring, intrusion detection systems, firewalls, antivirus software and password protection. The incident shows that even with such controls in place, ransomware attacks remain a threat. Total prevention may not be possible, but reducing the risk is: with the right security controls and with backups stored securely, out of reach of the ransomware, which is what allowed ABCD to restore its data.