The New Jersey-based Hackensack Sleep and Pulmonary Center, experts in sleep disorders and pulmonary conditions and diseases, has suffered a ransomware attack that in the protected health information of certain clients being encrypted.
The ransomware attack happened on September 24, 2017 and lead to medical detail files being encrypted by the virus. The attack was uncovered the next day. As is normal in these attacks, the attackers made a ransom demand, the payment of which was required in order to get the keys to unlock the encryption.
Hackensack Sleep and Pulmonary Center was ready for ransomware attacks, and had made backups of all files, and the backups were stored securely remotely. The backups were used to recover all encrypted data without paying the ransom demanded.
While data access is always a possibility with ransomware attacks, the purpose of ransomware is normally to make data inaccessible and force victims to pay for the key to unlock the encryption. Ransomware attacks normally do not involve data access or data theft. Hackensack Sleep and Pulmonary Center has no evidence to suggest this attack was any different. No proof was found to suggest that any data were removed from its system or viewed by the cyberattackers.
The variety of information encrypted included diagnoses, notes, comments, procedures, and patient reports, along with names, addresses, Social Security numbers, dates of birth, insurance information, credit card numbers, and account details.
Hackensack Sleep and Pulmonary Center called in a forensic expert to assist with the investigation, and recommendations have been received on additional security protections that can be deployed to prevent future incidents from occurring. Those recommendations are being reviewed and additional security tactics will be implemented to enhance security and stop future attacks.
The incident has been made known to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the New Jersey State Police Cyber Crimes Unit, and affected people have been alerted of the breach via mail.
The OCR breach portal shows 16,474 patients have been affected by the cyber incident.