A four-site pediatric group serving the San Antonio metropolitan place victoriously fought off a ransomware attack, but it yet is giving 55,447 sufferers identity and credit protection services from Equifax Personal Solutions.
Before the ransomware attack, ABCD Pediatric group already had software applications that supplied network filtering and security monitoring, intrusion detection, and firewall, antivirus and password protection.
The practice became aware of the attack on the day of February 6, when a worker discovered a virus that started encrypting servers. The encryption was slowed primarily by existing antivirus software, the firm explained to sufferers in a notification letter, and the practice’s IT vendor shifted all servers and computers offline.
A practice administrator didn’t respond to a request for extra information. Ransomware strikes pediatric group which has impacted 55,000 sufferers’ data.
Potentially compromised data involved names, addresses, phone numbers, dates of birth, demographic information, Social Security numbers, insurance billing information, procedure codes, medical records and lab reports, its letter to sufferers noted.
The vendor identified the virus strain as “Dharma Ransomware,” a variant of an older virus called “CriSiS.” These strains generally don’t remove data from servers, but that couldn’t be ruled out, executives of the practice say. “Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered, recommending that hackers might have accessed portions of ABCD’s network,” the practice told sufferers.
After the virus and corrupt information were removed, the practice was capable to restore all affected data through secure backup files stored away from servers and computers. No ransom demands or other communications were got.
While the practice’s IT vendor discovered no evidence of data being acquired or removed, it couldn’t rule out the possibility, sufferers were told. “Significantly, ABCD can’t confirm with a high degree of likelihood that confidential information remained secure throughout this incident.”
Subsequently, the practice pointed out that no confidential or protected health information was lost and no ransom demands were made, but indications that programs or persons might have been on the server compelled notifying patients, the FBI and the HHS Office for Civil Rights.
In regard to the Equifax protective services, the practice suggested patients place a fraud alert on their credit files with credit reporting firms.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment