Posted on June 22, 2021 at 1:34 PM
Georgia-based St. Joseph’s/Candler medical clinic has suffered a ransomware attack that led to the theft of medical information of nearly 40,000 patients.
Reports about the incident indicate that the hospital officials noticed the suspicious activity and shut down the computer systems before it could spread to other sections. Based on a preliminary investigation carried out, the attack involved the use of ransomware.
The hospital system says it has already contacted law enforcement to carry out further investigation on the issue. It also stated that it will inform patients whose personal or health information was accessed by the threat actors.
However, the medical institution noted that patient care operations will not be suspended as they have reverted to an established backup process.
“Our physicians, nurses, and staff are trained to provide care in these types of situations,” the notification reads. It added that the institution is doing everything within its power to make sure services to patients are not interrupted.
Reverting to paperwork backup plan
Local news reported that the backup process has extended until Monday, as nurses and doctors utilize old-fashioned paper records to take care of some cases and put records down.
The spokesperson of the clinic, Scott Larsen, stated that the medical facility will continue investigating the situation and make sure the systems are up and running in no time. According to him, the main goal of the clinic is to take care of patients, and staffs are ready to do everything possible to prevent any disruption or delays in attending to patients.
The clinic stated on its Facebook post that the backup system is designed for such situations. The spokesperson emphasized that patient care will continue as the clinic tries to get the electronic systems back on track to resume full services.
The clinic says it has already notified about 38,000 patients that their medical details were stolen during the attack. The compromised details also include their social security numbers.
General Counsel for Reproductive Biology Associates, Mathew Maruca, stated that a file server with embryology data was encrypted in April when the threat actors accessed the clinic’s systems.
According to the report on the attack, the threat actors stole laboratory results, SSNs, names, and addresses of the patients.
Maruca noted that the company began investigating the incident in April and it lasted until June 7, when it was officially confirmed that the hackers accessed patients’ data.
The increasing menace of ransomware attacks
There is now an enormous increase in the number of ransomware attacks on organizations. Security experts have now seen it as the biggest threat within the cybersecurity sphere.
Kaspersky researchers recently warned that the willingness of organizations to get their files back whenever they are asked for ransom has increased the frequency of these attacks.
More organizations are now left to suffer the brunt of threat actors who are stopping at nothing to take advantage of a vulnerability.
The researchers noted that while victimized organizations believe paying the ransom is the best way to get their stolen files back. Such actions are dangerous in the long run. That’s because the threat actors will feel more encouraged to launch more attacks, knowing that the business is very lucrative.
The researchers also warned that even when the organization accepts to pay the ransom, there is no guarantee that the files would not be exposed after all.
Stolen data can be exploited in several ways
Several studies from cybersecurity firms noted that even after the threat actors have been settled, they sometimes keep or post the stolen information on the darknet for other bad actors to utilize. In November last year, Coveware reported that there are lots of cases where victimized organizations pay a ransom but still saw their data floating online.
A security awareness advocate at KnowBe4, Javvad Malik, stated that once data has been stolen by hackers, there is no limitation to the exploitation of such data. This may include selling the data to darknet sets or utilizing the data for future phishing attacks.
The advice from most security experts is to report any incidence of ransomware attacks as soon as it is discovered to aid faster investigation and mitigation.