Fraud Management & Cybercrime , Healthcare , HIPAA/HITECH

Texas Hospital Says Ransomware Breach Affected 500,000

Also: CommonSpirit Health Says Some IT Systems Still Affected 6 Weeks After Attack
Texas Hospital Says Ransomware Breach Affected 500,000
Photo: OakBend Medical Center website

A ransomware attack at a Texas hospital that knocked out phone and email systems for weeks is now even worse following OakBend Medical Center's admission that hackers downloaded data from the medical records of up to 500,000 individuals.

See Also: 7 Steps to Help Prevent Ransomware Attacks Against Healthcare Delivery Organizations

The Texas medical system says it doesn't believe that cybercriminals were able to remove complete medical records, but hackers did obtain personal and medical information and, in some cases, Social Security numbers and birthdates.

In a Thursday breach notification statement, OakBend warned current and former patients they're at heightened risk of receiving spam messages. The hospital reported the breach to the Department of Health and Human Services on Oct. 28 as an email hacking incident.

The early September attack forced OakBend to limit communications with the outside world by yanking its email and phone systems offline for several weeks (see: Texas Hospital Still Struggling Through Ransomware Attack).

Keith Fricke, principal consultant at privacy and security consultancy tw-Security, says the OakBend incident is a prime example of why incident response plans need to identify primary and alternate methods of communicating within an organization and with external parties during an incident.

"Organizations may take for granted that email and/or Voice over Internet Protocol services will be available during a crisis. I strongly suggest conducting tabletop exercises that explore scenarios impacting the primary methods of communication," he says. "Doing so identifies gaps in preparedness you don't want to discover exist in a real event."

Daixin Claims Responsibility

Ransomware group Daixin claimed responsibility for the OakBend attack. An OakBend spokesman in September confirmed to Information Security Media Group that cybercriminals demanded a ransom of tens of millions of dollars from the nonprofit safety net hospital.

OakBend did not immediately respond to ISMG's request for further comment on the incident.

In its newest notification statement, OakBend says it is cooperating with the FBI and has implemented additional security measures to help prevent a future similar incident.

The federal government last month issued a warning about Daixin after finding that it actively targets U.S. businesses, predominantly in the healthcare and public health sector (see: Security Alert: Daixin Ransomware Targets Healthcare).

OakBend is among several healthcare entities that have been hit with highly disruptive ransomware incidents in recent weeks and months. Chicago-based hospital network CommonSpirit Health is still recovering nearly six weeks after an Oct. 3 ransomware attack that caused it to take IT systems - including electronic medical records, e-prescribing and patient portals - offline at a number of its hospitals in some regions of the country.

In a Nov. 9 statement posted on its website, CommonSpirit says it is continuing to manage response to the cyberattack still affecting some of its facilities. "Our teams continue to work diligently to bring systems online and restore full functionality as quickly and safely as possible, including electronic health records," the statement says.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.