A ransomware attack on Jemison Internal Medicine of Alabama on December 20, 2017 lead to electronic health records being encrypted, disabling access to the patient data for the healthcare provider.
A ransom demand was sent for the keys to disable the encryption although no payment was given to the attacker. Luckily, Jemison Internal Medicine had viable backups of electronic PHI and restored data after reinstalling the operating system on affected devices. A review of its system post-data restoration showed no traces of the malicious software persisted.
While ransomware attacks are often not targeted and happen due to employees responding to phishing emails, this attack was more focused. The review into the security breach showed an unauthorized person had gained access to Jemison Internal Medicine’s computer system and had access for a period of around three months.
The investigation did not show any proof to indicate the EMR system was accessed by the hacker, although it was not possible to eliminate data access with a high degree of certainty. The types of data that could potentially have been seen or copied include names, telephone numbers, dates of birth, addresses, Social Security details, driver’s license numbers, prescription information, health insurance details, and treatment and procedure details.
The incident has lead to Jemison Internal Medicine to complete an audit of security, policies, and processes and steps have been taken to safeguard its systems and prevent further attacks. Remote connectivity to its computers has been switched off, all passwords have been amended, and other measures have been adapted to enhance security.
Patients impacted by the security breach have now been alerted by mail and the incident has been made known to to the Department of Health and Human Service’ Office for Civil Rights. The OCR breach summary states that the protected health information of 6,650 patients was potentially affected.