MA: ResiDex Software discloses ransomware incident affecting clients’ patients’ protected health information

 Posted by at 3:27 pm  Health Data, Malware, Subcontractor, U.S.
Jun 182019
 

And yet another ransomware incident. They do not disclose the number of patients who were notified about this. Of note, sounds like their recovery was pretty smooth because they were prepared.

BOSTON, June 18, 2019 /PRNewswire/ — Tenx Systems, LLC d/b/a ResiDex Software (“ResiDex”) specializes in providing software for assisted living homes, group homes, and organizations providing care for the elderly or disabled, including Youville House, Youville Place and Wingate Healthcare (collectively “the Facilities”).  ResiDex recently identified and addressed a security incident that may have involved personal information and/or protected health information of the current, former or prospective residents and/or staff members of the Facilities.  ResiDex began providing notice on June 7, 2019 to all individuals potentially impacted by this incident.  This release describes the incident, outlines measures that ResiDex has taken in response, and advises potentially impacted individuals on steps that they may take to further protect their information.

On April 9, 2019, ResiDex became aware of a data security incident, including ransomware, which impacted our server infrastructure and took our systems offline.  ResiDex immediately undertook efforts to restore its servers to a new hosting provider.  Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day.  Additionally, ResiDex took affirmative steps to further safeguard its software systems.  ResiDex simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.

The forensic investigation was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions.  The investigation did determine that first access to ResiDex’s systems occurred on approximately April 2, 2019, with the ransomware launched on April 9, 2019.

The data security incident may have resulted in unauthorized access to protected health information, including medical records that existed on ResiDex’s software as of April 9, 2019, and/or personal information including names and social security numbers.  Please note that it is entirely possible that any one individual who is/was a current, former or prospective resident or staff member of the Facilities did not have their personal information and/or protected health information compromised as a result of the incident.  Nonetheless, notification has been provided to all potentially impacted individuals in an abundance of caution.

Individuals who have received a notification or who believe that they may have potentially been impacted by this incident are invited to contact (877) 347-0184 between 9:00 a.m. and 9:00 p.m. Eastern Standard Time, Monday through Friday.  ResiDex and the Facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.

SOURCE Tenx Systems, LLC d/b/a ResiDex Software

CO: Hit by ransomware, Estes Park Health decides to pay the ransom to get decryption keys

 Posted by at 5:59 pm  Breach Incidents, Commentaries and Analyses, Health Data, Malware, U.S.
Jun 152019
 

Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom.

“At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Leaming said.

And THAT’s what people who are not in healthcare don’t “get” when they blithely just advise entities to never pay ransom. If you are a healthcare facility you have to try to determine whether you can protect patient safety and health if you don’t pay the ransom. If your computer system got locked up but you have usable backups, then you are in a different situation than if your computer system was locked up and you’re the trauma center for your region.

“I think it is important to say that likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files,” Leaming said.

Leaming did not mention having usable backups, and that is something that I expect the insurer asked about and that OCR will ask about.

EPH had to pay a $10,000 deductible to the insurance company for their payment of the ransom. Yet Leaming did say that an initial amount was paid, and as they were unlocking files, they found more locks, which they had to go back and pay the hackers more.

It is not clear how much they paid, total. Nor do they reveal the type of ransomware used.

Read more on the Estes Park Trail-Gazette.

OH: N.E.O. Urology pays attackers $75,000 after ransomware attack

 Posted by at 1:19 pm  Health Data, Malware, U.S.
Jun 142019
 

Corey Vallas reports N.E.O. Urology in Boardman, Ohio paid attackers $75,000 after their computer systems were encrypted by ransomware.

Police say the fax listed “Pay4Day.io” as the contact for further information.

Read more on WFMJ.

There is no notice on the medical practice’s web site as of the time of this posting, but it’s interesting that the practice decided to pay the ransom as it was losing $30k – $50k per day that it was unable to access its system. At that rate, it would have been much more costly not to pay the ransom — assuming (and it’s a big assumption) that: (1) the hackers provide a working decryption key and (2) they don’t come back and strike again.

 

A computer virus has thrown Philadelphia’s court system into chaos

 Posted by at 11:18 am  Breach Incidents, Government Sector, Malware
Jun 122019
 

Colin Lecher reports:

Since May 21st, a virus has shut down Philadelphia’s online court system, bringing network access to a standstill. The problems started unexpectedly: suddenly, no one could seem to access the system to file documents. “It wasn’t working,” says Rachel Gallegos, a senior staff attorney with the civil legal aid organization Community Legal Services. “I thought it was my computer.”

Read more on The Verge.

TX: Edcouch hit by ransomware

 Posted by at 11:17 am  Education Sector, Malware
Jun 122019
 

Joanna Guzman reports:

A hacker gains access to the city of Edcouch and threatens to erase all the city’s information if officials did not deposit $40,000 in Bitcoins; a form of electronic cash. Information from the water department and city finances were compromised in the attack. The city manager says this comes just after the former city manager was arrested for allegedly tampering with water meters. Homeland Security is investigating the cyber attack after information of more than 3,000 residents was stolen.

Read more on KVEO.

 Older Entries