Ransomware Writes Drama at Shakespeare Theatre

Lawrence Abrams reports: A ransomware attack over the weekend has taken down the ticketing system and patron database for the Shakespeare Theatre of New Jersey and has also affected at least one other organization in the Madison area. This could not come at a worse time for the Theatre as they were getting ready to begin their first scheduled performance of Charles Dickens’ “A Christmas Carol” on December 4th. In a press release on the theatre’s web site they explain that customer’s data, including credit card information, was already encrypted and was not available to the attackers during the ransomware attack. Read more on BleepingComputer.

Sunapee school stands up to ransomware goons

Damien Fisher reports: The Wi-Fi service got restarted last week at Sunapee Middle High School, eight weeks after a ransomware attack took out the school’s data. The October attack was discovered first by the district’s technology team when it was determined that all of the data was encrypted, said Superintendent Russell Holden. With a lot of work from the district’s two-man IT team, Sunapee is back up and running after two months, he said. Read more on New Hampshire Union Leader.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Brian Krebs reports: A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service. Read more on KrebsOnSecurity.  As Brian notes: The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft, an intrusion that encrypted files for approximately 400 dental practices.

MN: Southeastern Minnesota Oral & Maxillofacial Surgery notifies 80,000 patients of ransomware incident

It’s gotten that there are so many ransomware incidents in the healthcare sector, that even tens of thousands of affected patients may not make headlines. One of the recent additions to HHS’s public breach tool involved the Southeastern Minnesota Oral & Maxillofacial Surgery of Minnesota. They reported that 80,000 patients were being notified. The following notification appeared on their website: Southeastern Minnesota Oral & Maxillofacial Surgery Notifies Patients of Data Security Incident Southeastern Minnesota Oral & Maxillofacial Surgery (“SEMOMS”) has become aware of a data security incident that may have resulted in the inadvertent exposure of patients’ health information.  Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed. On September 23, 2019, we discovered that one of our servers had been impacted by ransomware.  Our IT staff immediately intervened to restore the impacted server, and we engaged computer forensic experts to investigate if any information may have been impacted. After examining the impacted server, the investigation was unable to determine if patients’ name and X-ray images had been viewed or accessed by an unknown, unauthorized third party.  While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution. Importantly, patients’ financial information, medical records and Social Security numbers, if provided to us, were NOT impacted by this event. While there is no indication that an unauthorized party accessed or viewed patient information or evidence of patient information being misused, SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures.  Letters sent to potentially impacted patients include additional information about what occurred and a toll-free number where patients can learn more about the incident.  The call center is available Monday through Friday between 8:00 AM to 8:00 PM Central at 833-947-1414. The privacy and security of patient information is a top priority for Southeastern Minnesota Oral & Maxillofacial Surgery, which deeply regrets any inconvenience or concern this incident may cause.