Pennsylvania Clinic Discovers 4-Month Breach During Ransomware Investigation

For the second time this month, a healthcare provider has announced that an investigation into a ransomware attack has revealed a historical data breach. Earlier this month, Peachtree Neurological Clinic discovered a 15-month data breach during an investigation into a ransomware attack. The data of 176,295 patients were potentially stolen as a result of the breach.

Now, Women’s Health Care Group of Pennsylvania has discovered its systems were also breached prior to ransomware being deployed. In this case, access to its systems was possible for four months. The compromised system contained the protected health information of around 300,000 patients, including names, dates of birth, addresses, laboratory test orders and results, medical record numbers, employer information, insurance information, Social Security numbers, physician names, pregnancy status, blood types, gender and race.

A third-party computer forensics firm was called in to analyze the clinic’s systems following the discovery of ‘a virus’ on them in May. The virus prevented the clinic from accessing files on one workstation and one server. The forensics firm determined access was first gained in January 2017. Access was possible until May. The virus appears to have been installed by the same individual who had gained access to the clinic’s systems four months previously.

Women’s Health Care Group of Pennsylvania said access to its systems was gained by exploiting a security vulnerability. Data access and theft were not confirmed, although the possibility could not be ruled out with a high degree of certainty.

While sensitive data were encrypted by the ransomware, all files could be restored from backups without data loss and the ransom was not paid.

Steps have now been taken to improve security to prevent future breaches of this nature from occurring. Law enforcement and the Department of Health and Human Services’ Office for Civil Rights have been notified of the incident and breach notification letters have been sent to affected patients.