Share this article on:
Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals.
Jax Spine & Pain Centers
Jax Spine and Pain Centers in Jacksonville, FL has recently announced it was the victim of a ransomware attack that occurred on January 24, 2022. The attack was conducted on an inactive server that contained records of patients who had visited either its Jacksonville or St. Augustine locations prior to May 2018.
Jacksonville Spine Center said the attackers claimed to have stolen files from the server and threatened to publish the stolen data if the ransom was not paid but did not say whether a payment was made to prevent the publication of the data.
Monitoring software had been installed on the server which allowed the attack to be rapidly detected, and due to the prompt action taken in response to the breach, it was possible to prevent the encryption of data. As soon as the breach was detected the server was shut down, but it was not possible to prevent the exfiltration of a compressed file that contained patient information.
Jacksonville Spine Center said its current patient record system is based in the cloud and was unaffected and the only patient data obtained in the attack was demographic information – names, addresses, dates of birth, and a limited number of Social Security numbers.
Extend Fertility, a New York City fertility clinic, has recently notified 10,373 patients that some of their protected health information has potentially been obtained by unauthorized individuals as a result of a ransomware attack that was detected on December 20, 2022.
An investigation was launched into the attack and third-party computer forensics experts were engaged to determine the nature and scope of the security breach. The initial investigation concluded on January 28, 2022, and determined the attackers had gained access to its systems on or around December 15. 2021, and successfully encrypted files on its network and servers. While data theft was not 100% confirmed, Extend Fertility said it is likely files containing patient information were exfiltrated from its systems.
An analysis of all files potentially affected confirmed they contained the following types of information: First and last name, gender, home address, phone number, email address, date of birth, medical history, diagnosis and treatment information, date(s) of service, lab test results, prescription information, provider name, medical account number, health insurance policy and group plan number, group plan provider, and claim information.
Extend Fertility said it is unaware of any actual or attempted misuse of patient information; however, as a precaution, affected individuals have been offered complimentary credit monitoring and identity theft protection services. Extend Fertility said it is working with external security consultants to identify ways that security can be improved and additional safeguards will be implemented based on the recommendations. The employee cybersecurity training program will also be enhanced.
Spine Diagnostic & Pain Treatment
Spine Diagnostic & Pain Treatment in Louisiana appears to have been the victim of a Conti ransomware attack. According to Databreaches.net, 3,351 files containing patient information have been uploaded to the Conti gang’s data leak site, which the Conti gang claims represents around 30% of the exfiltrated files. Around 4 GB of data was uploaded to the leak site and the files contained a selection of data including scanned driver’s licenses, patient records, insurance billing information, and other PHI.
Spine Diagnostic & Pain Treatment has yet to confirm that it has suffered an attack and there is currently no record of the breach on the Office for Civil Rights and state attorneys general websites, so it is currently unclear how many patients have been affected.
La Posada at Park Centre
La Posada at Park Centre, a retirement community in Sahuarita, AZ, has recently notified 812 individuals that some of their protected health information was exposed and potentially compromised in a cyberattack that occurred on December 10, 2021. La Posada said “a software virus” was downloaded onto its systems that prevented staff from accessing files and email. Assisted by third-party forensics experts, La Posada determined on January 24, 2022, that the attackers potentially had access to files that contained patient information.
The types of data in the affected files varied from patient to patient and may have included: first and last names, birth dates, driver’s license numbers, Social Security numbers, direct deposit information, passport numbers, drug and/or TB test results, Member ID numbers, COVID vaccine cards, and information associated with explanation of benefits and self-funded medical plan participants.
La Posada said it is reviewing its security policies and procedures and will take steps to improve security.