Indiana Physicians Group Attacked with SamSam Ransomware
Part of Allied Physicians Group of Michiana’s network was down because of a ransomware attack. This incident happened on May 17, 2018. The attacker encrypted several files on the network. It is not clear at the moment if any protected health information (PHI) was encrypted but investigation is ongoing to determine if the security incident resulted to the compromise of any PHI.
Allied Physicians Group of Michiana detected the attack promptly and took action to shut down its network to keep the PHI of patients protected. The incident responder, third party consultants and professionals are working together to find out the scope of the attack and restore the encrypted files.
It was reported by the Indiana Physicians Group that all data were restored and secured. The attack did not significantly disrupt patient services. To prevent similar incidents from happening again, steps were already taken to strengthen security and mitigate risks.
CEO Shery Roussarie made a press release on May 21 explaining that the incident was a SamSam ransomware attack. There had been several cyberattacks involving the SamSam ransomware in the past year. One of the prominent ones was the SamSam attack in Atlanta City.
The purpose of the cybercriminal gang in launching these attacks is to extort money. Typically, the attacker asks the victims for ransom payments of about $45,000. Whether the victims issued ransom payments or not, the ransom amount is usually not publicized. Roussarie also said in the press release that Allied Physicians Group of Michiana neither confirm nor deny that ransom was paid.
The FBI and other regulatory agencies are still investigating the entire incident. Allied Physicians Group of Michiana will release more information when available and will immediately notify the patients as soon as there’s confirmation of the potential exposure of their PHI.