Jemison Internal Medicine of Alabama had a ransomware attack on December 20, 2017. Electronic health records were encrypted so that the healthcare providers were not able to gain access to patient data. The attacker demanded ransom in exchange for the encryption keys but Jemison Internal Medicine did not pay any. The electronic protected health information was restored from backups after reinstalling the operating system on infected computers. System analysis revealed that no malicious software remained after data restoration.
Ransomware usually attacks randomly and finds its way through phishing emails sent to employees’ emails. But this ransomware attack was targeted. According to the investigation of the security breach, an unauthorized person gained access to the company’s computer system for a period of 3 months more or less.
Fortunately, there’s no evidence that the attacker accessed the EMR system. But it’s not 100% certain that there was no data accessed. It’s possible that information such as names, dates of birth, telephone numbers, addresses, driver’s license numbers, Social Security numbers, treatment, procedure details, prescription information and health insurance details have been copied or viewed.
Jemison Internal Medicine reviewed its security, policies and procedures as a response to the breach incident. Steps such as disabling remote computer connectivity and changing all passwords were taken to secure its systems and to prevent similar attacks in the future.
All Jemison Internal Medicine patients affected by the data breach already received notifications by mail. The Department of Health and Human Service’ Office for Civil Rights also received the report that the breach potentially compromised the protected health information of 6,650 patients.