44,600 Patients Affected by Golden Heart Administrative Professionals Ransomware Attack

Golden Heart Administrative Professionals, based in Fairbanks, AK, is a billing company that serves as a business associate to a number of healthcare companies in Alaska. It recently encountered a ransomware attack and is informing 44,600 individuals that unauthorized persons potentially accessed their protected health information (PHI). The ransomware was installed on a server on which patients’ PHI was stored.

Federal and local law enforcement agencies were informed of the ransomware attack and the investigation into the breach is continuing. Efforts are ongoing to restore files encrypted in the attack. The ransomware attack on Golden Heart Administrative Professionals is currently the largest data breach to be reported by a healthcare company in July and is the second major data breach reported by a healthcare company based in Alaska so far this month.

In early July, the Department of Health and Social Services in Alaska announced that it had experienced a data breach due to a malware attack. A Zeus/Zbot Trojan was downloaded that potentially enabled the attackers to gain access to the PHI of over 500 persons.

Ransomware attacks are declining, although the healthcare industry is still being targeted. Last week, a suspected SamSam ransomware variant was used in an attack on LabCorp. Fortunately, LabCorp detected the attack around 50 minutes after it happened, and systems were powered down to avoid extensive file encryption. The ransomware was installed through a brute-force remote desktop protocol (RDP) attack. The number of patients impacted by the attack is not currently known, though some reports indicate that the PHI of millions of patients may have been affected.

Cass Regional Medical Center, located in Harrisonville, MO, encountered a ransomware attack on July 9. The communications system and electronic medical record system were rendered inaccessible. The medical center redirected stroke and trauma victims to other healthcare providers while its EHR system was offline. As in the LabCorp attack, the ransomware was installed via a brute-force RDP attack. The EHR system was offline for 10 days while its systems were restored.