Ransomware Attack on FABEN Obstetrics and Gynecology Results in Patient Data Loss

FABEN Obstetrics and Gynecology in Jacksonville, FL has suffered a ransomware attack which has resulted in the encryption of files containing the protected health information (PHI) of patients.

FABEN learned of the ransomware attack and file encryption on November 21, 2018. The incident was immediately investigated to determine the scope of the attack and whether the attackers accessed or stole patients’ PHI.

The investigation confirmed that files containing patients’ PHI had been encrypted, but according to FABEN, the attackers did not access or download those files. The ransomware variant used in the attack was GandCrab. Although decryptors have been developed for some GandCrab ransomware variants, they do not work on the latest version of the ransomware.

FABEN received a ransom demand but the decision was taken not to pat the ransom demand and attempts were made to recover the encrypted files from backups.

According to an announcement by FABEN, the files that were encrypted in the attack related to patients who received services from FABEN between January 2007 and April 10, 2017. The files contained information such as names, diagnoses, treatment data, dates of visit, and labor and delivery data.

FABEN stated that the files created from 2007 to April 2014 could be recovered from backups, but the records from September 11, 2014 to April 10, 2017 have been permanently lost.

The information in the corrupted files included names, logs of blood sugar and blood pressure, information from paper medical records given to FABEN by patients during the above mentioned time frame, mentioned time period, and documentation associated with the Family and Medical Leave Act.

Because files are not believed to have been encrypted, the risk of identity theft and fraud is believed to be low. Patients whose PHi was lost have now been notified about the attack.

FABEN has submitted a breach report to the HHS’ Office for Civil Rights. The breach report indicates 6,092 patients have been affected. FABEN is still investigating the breach and is assisting law enforcement with its investigation.

Private security experts have been retained to evaluate security and further safeguards will be implemented to prevent repeat attacks and additional backup servers are now being used to prevent data loss.