15-Month Security Breach Discovered During Ransomware Investigation

Peachtree Neurological Clinic has uncovered a 15-month security incident during the investigation of a ransomware attack. The Atlanta, GA clinic says the incident has resulted in the exposure of 176,295 patients’ protected health information.

Initially, sensitive data were encrypted when ransomware was installed on the clinic’s systems. While the attack caused some disruption and the systems were temporarily taken out of action, the clinic was able to restore all encrypted data from backup files without paying a ransom.

A forensic investigation of the attack confirmed that all traces of the ransomware had been removed, but it also revealed that the clinic’s computer systems had been accessed by unauthorized individuals prior to the installation of ransomware. The earliest recorded intrusion was in February 2016. Access to its systems remained possible until May 2017, when the breach was discovered.

While access to data was possible, the investigation did not uncover any evidence to suggest protected health information had been stolen, although the possibility could not be discounted. Peachtree Neurological Clinic reports it was only possible to determine that unauthorized individuals had gained access to its systems, not whether data theft occurred.

The compromised systems contained a wide range of sensitive data including names, addresses, contact telephone numbers, birth dates, driver’s license numbers, prescription details, treatment data, procedures performed, health insurance details and Social Security numbers.

Peachtree Neurological Clinic has notified all affected individuals by mail and those patients have been offered identity theft protection services. They have also been advised to monitor their accounts and Explanation of Benefits statements for any sign of fraudulent activity. The clinic is working with law enforcement, which is investigating the incident.

This incident highlights the importance of conducting a forensic investigation following a ransomware attack. While malicious actors may succeed in installing ransomware without compromising the network, that is not always the case. Ransomware is often used to extort money from healthcare organizations at the end of an intrusion, when the attackers have no further use for system access, such as after all valuable information and data have been stolen.

Author: Ryan Coyne