Recently, healthcare provider Wood Ranch Medical’s computer system was breached by a ransomware attack. The ransomware attack resulted in the encryption of approximately 6,000 patients’ protected health information (PHI). Wood Ranch Medical (WRM) has been unable to restore patients’ healthcare records.
Encryption takes your data or written text/PHI and turns it into unreadable text using software or algorithms. This unreadable text can only be deciphered through an decryption key that will allow you to read it once again. Data encryption requirements protect your data even in the event of a breach or theft, and can leave the data useless to anyone who obtains or steals it. When an attacker encrypts data, the data is accessible only to the attacker, as happened here.
Wood Ranch Medical has issued a statement in which it has stated that no protected health information was actually accessed without authorization.
The ransomware attack had encrypted WRM’s servers, which contained electronic protected health information (ePHI) as well as backup hard drives. WRM suspects that the ransomware attackers only wanted money (in the form of a ransomware payment), and not the protected health information. WRM has stated that while it has no reason to believe that anyone’s healthcare information was taken, the encrypted system contained electronic healthcare records that included patients’ names, addresses, dates of birth, medical insurance, and related information.
In its statement, WRM has noted that the damage to its computer system was such that WRM is unable to recover the data stored there. With its backup system also encrypted as a result of the attack, WRM cannot rebuild its medical records.
As required by law, WRM has mailed letters to individuals affected by this incident. The letters include information about the incident, as well as steps individuals can take to monitor and protect their personal information.
Earlier in 2019, a healthcare organization in Michigan, Brookside ENT and Hearing Center, also experienced a ransomware attack that resulted in permanent encryption of patient records. The organization’s owners closed the business as a result.
Do you Need Help Addressing Cybersecurity?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and managed service provider (MSP) security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.
Find out more about how Compliancy Group helps you simplify compliance and cybersecurity today!