3 Recent Ransomware Attacks in Healthcare Industry

Last week was a bad one for the healthcare industry, which was hit by the following ransomware attacks.

RISE WISCONSIN

RISE Wisconsin recently revealed that it was attacked by ransomware on June 7. The data of more than 3500 patients has been compromised. It consisted of personal information such as names and addresses, as well as health-related information including patients’ histories and diseases.

It took RISE 24 hours to detect the ransomware, after which it shut down its systems. RISE has not said whether it paid any ransom, though it has hired security analysts to remove the ransomware.

AFLAC

Meanwhile, a week earlier, AFLAC also discovered a breach and, in its report to the Office for Civil Rights (OCR), estimated the number of clients exposed at 10,000. AFLAC believes that these clients might have been attacked when Microsoft Office 365 email accounts in the hands of third parties were hacked. Some of the exposed data was Protected Health Information (PHI), while some was Personally Identifiable Information (PII).

AFLAC then moved to implement security measures to remove the ransomware, isolating these email addresses and notifying the affected third parties about the breach.

Michigan’s Health Equity

Michigan’s Health Equity was also found to be compromised, which it revealed on June 12. The attack was made possible by the hacking of an employee’s account, through which the attacker was able to gain access to Protected Health Information.

Unlike in the previous ransomware attacks, experts found during ransomware removal that the exposed data was not related to patients. Instead, it was related to employees of Health Equity: their names, Identity Documents (IDs), Social Security numbers and other data were exposed.

It was also found during ransomware removal that the attack happened two months earlier, on April 11, and that Health Equity detected it on April 13. One of the first steps taken by its security team during ransomware removal was to eliminate the hacked employee’s account, after which the team began to check for the ramifications of the ransomware.