44,600 Patients Affected by Ransomware Attack at Golden Heart Administrative Professionals

AK-based billing company, Golden Heart Administrative Professionals, a Fairbanks is alerting 44,600 people that some of their protected health information has potentially been obtained by unauthorized people due a recent ransomware attack.

The ransomware was placed on a server storing the PHI of patients. A press release issued by the company, which is a business associate of several healthcare providers in Alaska, said that “all client patient information must assume to be compromised.”

Local and federal law enforcement agencies have been informed of hacking incident and efforts are continuing to rescue files.

The Golden Heart Administrative Professionals ransomware attack is the biggest data breach experienced by a healthcare group in July, and the second major data breach to be reported by an Alaska-based healthcare group during the same month.

The Alaska Department of Health and Social Services announced, earlier in July, that it had been hit by a data breach due to a malware infection. The Zeus/Zbot Trojan – an information stealer – had been placed on their servers which potentially allowed the hackers to gain access to the protected health information of ‘more than 500’ clients.

Recent reports indicate ransomware attacks are becoming less common, with many cybercriminal gangs changing operations to cryptocurrency mining; however, there does not appear to be any drop in the number of ransomware attacks on healthcare groups.

Recently, LabCorp, the national network of clinical testing laboratories, suffered a SamSam ransomware attack. The attack was discovered within 50 minutes and systems were disabled to stop widespread file encryption. The ransomware was added to the servers following a brute force remote desktop protocol (RDP) attack. It is not currently clear how many individual have been affected by the incident, although some reports indicate that millions of patients’ PHI may have been impacted.

On Monday, July 9, Cass Regional Medical Center in Harrisonville, MO, suffered a ransomware attack that lead to its communications system and electronic medical record system being unusable. The medical center redirected ambulances for stroke and trauma victims to alternate healthcare facilities in order to address the situation. As with the LabCorp hacking incident the ransomware was placed on the server following a brute force RDP campaign. The electronic medical record systems were kept offline for 10 days due to the attack.