Recently, healthcare provider Wood Ranch Medical’s computer system was the victim of a ransomware attack. The ransomware attack resulted in the encryption of approximately 6,000 patients’ protected health information. Wood Ranch Medical (WRM) has been unable to restore patients’ healthcare records.
Encryption takes your data or written text/PHI and turns it into unreadable text using software or algorithms. This unreadable text can only be deciphered through an encryption key that will allow you to read it once again. Data encryption requirements protect your data even in the event of a breach or theft, and can leave the data useless to anyone who obtains or steals it. When an attacker encrypts data, the data is accessible only to the attacker, as happened here.
The ransomware attack had encrypted WRM’s servers, which contained electronic health protected information (ePHI) as well as backup hard drives. WRM suspects that the ransomware attackers only wanted money (in the form of a ransomware payment), and not protected health information. WRM has stated that while it has no reason to believe that anyone’s healthcare information was taken, the encrypted system contained electronic healthcare records that included patients’ names, addresses, dates of birth, medical insurance, and related information.
In its statement, WRM has noted that the damage to its computer system was such that WRM is unable to recover the data stored there. With its backup system also encrypted as a result of the attack, WRM cannot rebuild its medical records.
As required by law, WRM has mailed letters to individuals affected by this incident. The letters include information about the incident, as well as steps individuals can take to monitor and protect their personal information.
Earlier in 2019, a healthcare organization in Michigan, Brookside ENT and Hearing Center, also experienced a ransomware attack that resulted in permanent encryption of patient records. The organization’s owners closed the business as a result.
Need Help with HIPAA?
Let our complete HIPAA solution handle it.