Minnesota Ransomware Attack Impacts Over 6,500 Patients

by Ryan Coyne | May 24, 2018

Associates in Psychiatry and Psychology (APP), a Rochester, Minnesota-based health organization, has suffered a ransomware attack that targeted several computers storing patients’ protected health data.

The ransomware attack was identified on March 31, 2018. Patient information held on the affected computers was not in a “human-readable” format, and no proof was found to suggest any protected health information was obtained or copied by the hackers.

Since data access could not be ruled out with 100% certainty, all patients whose data were stored on the targeted devices have been notified of the security breach. The types of data potentially obtained include names, birth dates, addresses, Social Security numbers, insurance details and treatment histories.

APP moved swiftly when the attack was noticed and took its systems offline to stop the spread of the ransomware and restrict the potential for further encryption of data and data theft. APP’s systems remained offline for another four days while the attack was reviewed.

APP stated that the attack is thought to have commenced between the evening of Friday, March 30 and the morning of Saturday, March 31. The type of ransomware used in the attack was “Triple-M.” APP outlined that this variant of ransomware uses the RSA-2048 encryption protocol and very long keys to encrypt data. The system restore function was also switched off, and the hackers reformatted the network storage device that was used to hold backups.

APP’s IT Director, Steve Patton, told databreaches.net that the ransom was paid because files could not be restored from backups due to the actions taken by the hackers. Initially, a ransom demand of 4 Bitcoin (around $30,000) was issued, although the practice managed to negotiate with the attackers and paid 0.5 BTC (approx. $3,758) for the keys to recover the encrypted data.

All systems and data have now been brought back online, extra layers of security and encryption have been adopted, and APP’s remote access policies have been updated.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR) revealed that 6,546 patients were potentially affected. APP notes that there was clear proof that protected health information was not accessed by the hackers; however, as a precautionary measure, APP has advised affected patients to monitor their credit reports closely for any sign of fraudulent use of their private information.

Ryan Coyne
