A cancer treatment center has notified more than 19,000 patients of a ransomware attack that might have affected their personal and medical information. Medical Oncology Hematology Consultants, P.A. ("the Practice"), which is located in the Helen F. Graham Cancer Center & Research Institute, detected the infection on 7 July 2017. Its analysis reveals the unknown ransomware affected certain files on the Practice's server and workstations. Among them were electronic health records (EHRs) that included patients' names, dates of birth, phone numbers, and medical information.
The attack originally occurred on 17 June 2017. As of this writing, it's unknown why it took the Practice so long to detect the ransomware attack and how it eventually did so. But it's clear the cancer treatment center sprang into action once it did. As it explains in a breach notification letter (PDF):
"Immediately upon learning of the presence of ransomware on our systems, we commenced an investigation to determine its scope, the impact on our systems, and the identity of those affected. We also engaged third party experts to assist us in recovering the affected data, to help ensure that our systems were no longer subject to the ransomware, and to examine whether protected health information or personally identifiable information had been used, accessed, disclosed, acquired, or otherwise compromised by unauthorized parties. As we mentioned, the Practice is not aware of any improper use, disclosure, or acquisition of, or access or compromise to, the information contained in the affected files."
DataBreaches.net reports the Practice ultimately notified 19,203 patients about the ransomware attack. Those who heard from the cancer treatment center should call ID Experts at (844) 402-8950 and activate their 12 free months of credit monitoring services offered by Medical Oncology Hematology Consultants. They should also watch their credit reports carefully and report any suspicious transactions.
In the meantime, the Practice, which restored its files from data backups, should implement further ransomware prevention strategies on top of the security measures it has already enacted. Those procedures should include creating a robust vulnerability management strategy, regularly testing its employees on phishing attacks, and doing all it can to protect patients' EHRs. News of this attack comes several months after a vendor of health information technology restored access to its EHRs after it suffered a ransomware attack.