New Jersey Sleep Medicine Specialists Experience Ransomware Attack

Dec 13, 2017

The New Jersey-based Hackensack Sleep and Pulmonary Center, experts in sleep disorders and pulmonary conditions and diseases, has suffered a ransomware attack that resulted in the protected health information of certain clients being encrypted.

The ransomware attack happened on September 24, 2017 and led to medical detail files being encrypted by the virus. The attack was uncovered the next day. As is normal in these attacks, the attackers made a ransom demand, the payment of which was required in order to get the keys to unlock the encryption.

Hackensack Sleep and Pulmonary Center was prepared for ransomware attacks: it had made backups of all files and stored them securely at a remote location. The backups were used to recover all encrypted data without paying the ransom demanded.

While data access is always a possibility with ransomware attacks, the purpose of ransomware is normally to make data inaccessible and force victims to pay for the key to unlock the encryption. Ransomware attacks normally do not involve data access or data theft. Hackensack Sleep and Pulmonary Center has no evidence to suggest this attack was any different. No proof was found to suggest that any data were removed from its system or viewed by the cyberattackers.

The types of information encrypted included diagnoses, notes, comments, procedures, and patient reports, along with names, addresses, Social Security numbers, dates of birth, insurance information, credit card numbers, and account details.

Hackensack Sleep and Pulmonary Center called in a forensic expert to assist with the investigation, and has received recommendations on additional security protections that can be deployed to prevent future incidents. Those recommendations are being reviewed, and additional security measures will be implemented to enhance security and stop future attacks.

The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the New Jersey State Police Cyber Crimes Unit, and affected people have been notified of the breach by mail.

The OCR breach portal shows 16,474 patients have been affected by the cyber incident.

Ryan Coyne
