Another Healthcare Firm Falls Victim to GandCrab Ransomware

GandCrab ransomware was first introduced in early 2018 and it is an infamous family of cryptovirus. It has this dubious distinction as one of the most destructive cyber infections, and within a year, it has created enough furor.

The ransomware has been using an array of various distribution methods, including cracks, keygens RIG, GradSoft, and Fallout exploit kits. Bitdefender research team has termed it as one of the most devastating malware in recent times.

Cybercriminals have developed a taste for healthcare institutions, and it has recently hit the Doctors’ Management Service which fell victim to GandCrab ransomware. It infected their systems by injecting code designed to steal data for future fraud operations.

You may have not heard of DMS (Doctors’ Management Service). It’s a medical billing service headquartered in Massachusetts that provides medical billing services to physicians and hospitals. Your hospital or physician might have provided them with your health information if your doctor or hospital contracts with them.

According to the DMS notice the breach, occurred in April of 2017. The organization realized the breach in December last year when the attackers via Remote Desktop Protocol (RDP) placed ransomware on their vulnerable workstation. An investigation later revealed the most notorious ransomware deployed GandCrab.

DMS declined to pay the ransom as demanded by the GrandGrap operators and recovered its data from backup. The organization is not sure if the attackers have accessed the backup information, but to be on the safe side, they notified everyone who may have been affected. If the attackers are also in possession of the data, it is obvious they will have sensitive diagnostic information, and other details like name, address, and date of birth, Social Security number, license number, insurance details, and other information.

The company has offered its clients a free credit monitoring service to those who have received DMS’s notice. Nevertheless, since credit monitoring isn’t tantamount with protection against fraud, affected parties are advised to carefully monitor their bank statements for any abnormalities. DMS has changed its network security system in order to restrict unauthorized access to its systems and to improve its network security.

Why this breach is serious is because almost 38 healthcare centers have been impacted, including Beverly Surgical Associates, Today’s Wellness PLLC, Thompson Medical Associates, New England Community Medical Services, Neuro Institute of New England, and more.

1. Anjum Baqai Associates
2. Arcangel Neurological Consultants
3. AT Care PLLC
4. AUM Healing Center
5. Bell Mental Health Associates
6. Beverly Surgical Associates
7. Bhealthy Primary Care
8. First Choice Community Medical Services
9. Holy Family Medical Specialty
10. Lowell General Inpatient Specialists
11. NE Pulmonary & Sleep
12. New England Inpatient Specialists
13. New England Pulmonary & Sleep Specialists
14. Today’s Wellness PLLC
15. Incare LLC
16. Principes Medical Group
17. Joseph Schwartz PLLC
18. Neuro Institute of New England
19. New England Reconstructive & Aesthetic
20. Northwoods Surgical, PLLC
21. Pathways Healthcare LLC
22. Peaceful Soul
23. Personalized Medicine
24. Pinnacle Medical Group
25. Post-Acute Cardiology
26. Precision Surgical Specialists of Lowell
27. Premiere Care
28. Saxony Primary Care PLLC
29. Sports Medicine Health LLC
30. Surgical Group of Norwood
31. The Wholeness Center
32. Theresa M Smith Practice
33. Thompson Medical Associates
34. WLB Rehabilitation Medicine
35. Heywood Athol Inpatient Specialists PLLC
36. Winchester Hospital Inpatient Specialists
37. Dutch Connection LLC
38. New England Community Medical Services

Related Resources:

GandCrab Ransomware Sextortion Campaign Targets Thousands

Bad Actors Still Raking Profit From Ransomware

Healthcare Industry Continues To Be the Favourite for Ransomware