The Women’s Health Care Group of Pennsylvania, with 45 workplaces all through the state, has notified 300,000 of its sufferers that a ransomware attack has put their private health info in danger.
The health system found a server and workstation at certainly one of its practices was contaminated by ransomware on May 16. Officials stated the contaminated server and workstation have been faraway from the community, earlier than officers launched an investigation by a pc forensics staff.
The investigation revealed the cybercriminals started hacking the system as early as January 2017, by leveraging a safety vulnerability. Officials stated the safety flaw allowed restricted entry to affected person info earlier than it encrypted sure information.
The health system couldn’t decide if affected person info acquired or seen.
The knowledge stolen by hackers included names, Social Security numbers, delivery dates, being pregnant histories, blood sort info, lab outcomes, medical report numbers, insurance coverage info and medical diagnoses. Officials stated the encrypted information have been restored from backups and didn’t disrupt affected person care.
This sort of knowledge is utilized by hackers to construct full profiles of sufferers which might be then positioned on the market on the darkish net. For instance, by leveraging insurance coverage knowledge, a hacker can masquerade as an insurance coverage agent and try to gather cash from a affected person.
The health system has additionally filed a report with the FBI.
“Maintaining the integrity and confidentiality of our patients’ personal information is very important to us, officials said in a statement. “We’re conducting a comprehensive internal review of our information security practices and procedures to help prevent such events in the future.”