Mar 152019

DeeDee Sun reports:

The Ballard Northwest Senior Center found itself in the bull’s-eye of ransomware attack, with its server wiped just weeks before their biggest fundraiser of the year.

The senior center says it doesn’t know if it was targeted, or if the ransomware attack hit them at random, but now it’s struggling to get back on its feet.

Read more on KIRO7.

via “Russy”

Mar 142019

Pat Ferrier reports:

When employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District got to work the morning of Feb. 11, they were locked out of technical and engineering data and drawings stored on their computers.

The districts had fallen victim to a ransomware cyber attack, the second in two years, General Manager Chris Matkins said. Hackers were holding the data hostage and demanding a ransom payment before they’d unlock the information.

Matkins won’t say how big the ransom demand was or how payment was to be made. “It’s not something we will talk about,” he said. “It didn’t have any bearing on how we responded.”

Fort Collins Loveland Water never considered paying the ransom and within about three weeks was able to unlock the data on its own, Matkins said.

Read more on The Coloradoan.

Thanks to “Russy” for this link.  Russy also sent a link to this James Perse notification, which seems all-too-familiar in its description:

Mar 122019

On September 11, 2018, Maffi Clinics in Arizona joined the ranks of those attacked by ransomware.

From their notification letter (see below), it appears that the clinic was prepared and quickly implemented their incident response plan.

The consulting firm promptly identified the unauthorized access point and terminated it; isolated and removed the ransomware; and restored all of our data. The consulting firm also determined the unauthorized access began approximately 5 hours before the system was shut down, at which point the access ended. The consulting firm found no evidence any of our data was viewed or downloaded and, to date, we have not received any ransom request.

In the proverbial “abundance of caution,” the clinic decided to mail written notices to all patients.  Their submission to HHS indicates that came to 10,465 patients.

You can read the full notification letter below.

Mar 122019

On February 26, Delaware Guidance Services for Children and Youth, Inc. (“DGS”) sent a letter to parents and guardians of their young patients. The letter explained that on December 25, 2018, DGS had become the victim of a ransomware attack that had locked up the patient records. Those records contained personal information, such as name, address, birth date, social security number, and medical information.

To secure release of the records, DGS was required to pay a “ransom,” in exchange for a de-encryption “key” that unlocked the records.

Their notification letter, signed by their Executive Director, Jill Rogers, MSN, does not say how much DSG paid for the decryption key.

Subsequent investigation did not provide any indication that records had been accessed, corrupted, or exfiltrated, but DGS decided to notify everyone and to offer them credit monitoring services and other  supports.

You can read their full notification letter below. DSG does not explain why they opted to pay ransom. Did they not have a current backup that they could use to restore their database or was their some other reason or concern?

Patient Privacy Letter 2019
Mar 122019

Direct Scripts, a pharmacy benefit management service provider in Ohio, recently notified more than 9,300 patients after discovering that they had been the victim of a ransomware attack.

Direct Scripts became aware of the attack on January 30, and immediately launched an investigation to determine what had happened and if any patient protected health information had been accessed or acquired.  A notice on their web site dated February 22 explains:

The  information potentially involved may include customer names, addresses, and prescription information, but the impacted server did not and does not store customer Social Security numbers or credit card information. While there is no evidence that any sensitive or personal information has been misused, Direct Scripts has sent notification letters to all potentially impacted customers.

Based on their investigation, Direct Scripts states that they do not believe any customers’ personal information was at risk, but they have created a web site and have other support available to those with questions or concerns. Their full notification can be found here.