HMC Says Ransomware Attack Turned Into Healthcare Data Breach

When a ransomware attack happens, the damage can be devastating. The loss of access to patient records, and even losing record is critical, add to that your services get suspended, communication comes to a grinding halt. The entire system is crippled for days. We’ll take a closer look at one of these attacks and how they ended up compromising patient’s data.

We have seen what happened to a Lowa-based health system UnityPoint Health and how they fell victim and data of the thousands of patients was compromised. It was upon investigation they found that the company was getting a series of phishing emails, and some ignorant employee fell for it and ended up giving away his login credentials. The hackers got what they wanted i.e., access to an official email account. Nevertheless, Unitypoint discovered this only on May 31, 2018, and intimated the victim about the data theft.

Now, we have something on a similar line. A recent ransomware attack on the Health Management Concept recently has turned into a nightmare. Though the HMC paid the attackers for the decryption key and decrypted the data without impacting the healthcare management services it provides to clients. Later they found a major data breach, the personal details of the patient’s like names, health insurance information, social security number all compromised.

HMC server was attacked on July 16 as notified to the New Hampshire Attorney General, the attack happened on its server which is used to share files with clients.

The forensic firm that was engaged to deal with the ransomware attack inadvertently provided the file to the hacker that had all the details of the patients. The details included security numbers, and health insurance plan data, on IBU members. HMC explained that it provides chronic condition management to IBU (Inlandboatmen’s United of the Pacific National Benefit Funds).

HMC in its letter to the NH Attorney General said “To help prevent this type of incident from occurring again, HMC is adding enhanced security protocols to its current server, including removing access to the server through Remote Desktop Protocol. It also is migrating its server to another cloud computing service, which will provide additional security,”

Though it is still not clear how the personal details of the patients were unintentionally given to them and how many of them are affected by this incident. HMC is still to clarify on this matter.

It looks like that the forensic firm, went overboard and gave away the encrypted file to the attackers to exhibit that they, in fact, could decrypt the file if the ransom was paid. The attackers reacted by sending back the decrypted file. In this case, the file contained sensitive healthcare data. This oversight was clearly an error obviously a mistake, however, it substantially exacerbated the seriousness of the breach.

It is time to that you confirm that backup jobs are executed without error. Periodic backups are taken, because and it helps if a ransomware attack happens.