New Jersey Sleep Medicine Specialists Experience Ransomware Attack

December 13, 2017 Patrick Kennedy HIPAA Updates Comments Off

New Jersey Sleep Medicine Specialists Ransomware Attack

The New Jersey-based Hackensack Sleep and Pulmonary Center, experts in sleep disorders and pulmonary conditions and diseases, has suffered a ransomware attack that in the protected health information of certain clients being encrypted.

The ransomware attack happened on September 24, 2017 and lead to medical detail files being encrypted by the virus. The attack was uncovered the next day. As is normal in these attacks, the attackers made a ransom demand, the payment of which was required in order to get the keys to unlock the encryption.

Hackensack Sleep and Pulmonary Center was ready for ransomware attacks, and had made backups of all files, and the backups were stored securely remotely. The backups were used to recover all encrypted data without paying the ransom demanded.

While data access is always a possibility with ransomware attacks, the purpose of ransomware is normally to make data inaccessible and force victims to pay for the key to unlock the encryption. Ransomware attacks normally do not involve data access or data theft. Hackensack Sleep and Pulmonary Center has no evidence to suggest this attack was any different. No proof was found to suggest that any data were removed from its system or viewed by the cyberattackers.

The variety of information encrypted included diagnoses, notes, comments, procedures, and patient reports, along with names, addresses, Social Security numbers, dates of birth, insurance information, credit card numbers, and account details.

Hackensack Sleep and Pulmonary Center called in a forensic expert to assist with the investigation, and recommendations have been received on additional security protections that can be deployed to prevent future incidents from occurring. Those recommendations are being reviewed and additional security tactics will be implemented to enhance security and stop future attacks.

The incident has been made known to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the New Jersey State Police Cyber Crimes Unit, and affected people have been alerted of the breach via mail.

The OCR breach portal shows 16,474 patients have been affected by the cyber incident.

About Patrick Kennedy 619 Articles

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile: https://www.linkedin.com/in/pkkennedy/