California’s National Ambulatory Hernia Institute experienced a ransomware attack on September 13, 2018, that resulted in the encryption of files on its network. The breach notice posted to the National Ambulatory Hernia Institute’s website states that the attackers potentially accessed the demographic data of patients who had received medical services or visited the healthcare provider before July 19, 2018.
The attackers potentially gained access to a limited amount of protected health information belonging to 15,974 of its patients, such as names, addresses, dates of birth, diagnoses, consultation dates, and Social Security numbers. Because some of the exposed information is sensitive in nature, affected patients have been advised to sign up for identity monitoring services for at least 12 months. It is not clear from the breach notice whether the healthcare provider is paying for the patients’ identity theft monitoring services.
According to the National Ambulatory Hernia Institute, all patient data have now been moved to an off-site web server and more security controls have been implemented, including a more advanced firewall and antivirus software. The breach investigation is ongoing.
The National Ambulatory Hernia Institute did not issue any details about the type of ransomware that was used in the attack other than saying the attack was connected with the email address – firstname.lastname@example.org. This email address has previously been used in attacks using Gamma ransomware – a variant of CrySiS ransomware. The breach notice did not say whether the National Ambulatory Hernia Institute paid the ransom to regain data access.