Cove Family & Sports Medicine recovers from ransomware, but loses some data

There are different metrics for describing the impact of a breach, but one of the ones I use in my subjective system is whether patient data that might be needed for care have been lost, stolen, or corrupted.  In June, there were a lot of data breaches or security incidents and many involved ransomware. One incident, however, that pretty much flew under the media radar, actually resulted in loss of patient notes. In a June 13 notice to patients, Cove Family & Sports Medicine in Huntsville, Alabama wrote that unnamed ransomware encrypted patients’ medical records.

“The encrypted medical records contained patient information, including names, dates of birth, social security numbers, addresses, patient identification numbers, prescription information, diagnosis information, procedure information, and time and date of treatment,” the doctors write.

Cove Medicine did not pay the ransom. It elected to reinstall the operating system on its server and then it restored the majority of its patient records from backup copies. Their approach was only partially successful, though:

The backup records, however, were partially encrypted as well and the practice currently has not been able to restore its internal notes for visits that have occurred in approximately the past two years. Cove Medicine believes it will be able to restore all other treatment records, and that this will not impair its ability to provide care to its patients.

So the good news is that most of the data were recovered from backups, the doctors do not believe that care will be impacted, and there was no indication that any data were exfilitrated. But this was obviously not a total success, and it’s not clear whether the lost/unrecovered internal notes might impact care. The doctors write:

“We take patient privacy seriously, and are very sorry for any concern or inconvenience this incident has caused or may cause to anyone who has been affected,” said Dr. Jonathan Krichev, one of the physicians and partners of Cove Medicine.

With so much ransomware and so many attacks these days, what lessons can other entities learn from Cove Medicine’s experience? The doctors did not disclose how the ransomware got into their system, and there might be something to be learned from that. Nor do they explain how the backups wound up partially encrypted, too, and perhaps that’s something we can all learn from, too.

This is not to sound critical of Cove Medicine. They clearly did the best they could in an unfortunate situation that was not of their choosing and it no small measure of success that they recovered as much as they did. I’m just wondering what lessons can be learned that might save others the same misery.

At the present time, the incident is not up on HHS’s breach tool, and we do not know how many patients were notified of this incident.

About the author: Dissent

Has one comment to “Cove Family & Sports Medicine recovers from ransomware, but loses some data”

You can leave a reply or Trackback this post.
  1. ECA - July 1, 2017

    as you also would like more info, I would also..
    I have a few ideas tho..
    1. Backup data, is NOT FREE.. Unless you have a good computer person, the programs are not free.
    They also update and CHANGE the programs over time, for a few security reasons..
    2. Online/Offline data save..Data service tend to be STRANGE..Uploading Incremental data, and the service changes things…and you Could loose all of it..its the same with DMCA.
    3. built in, Backup program in the software, and the Creator changes it..you WONT get the old data back, unless you keep a copy of the OLD software.
    4. software that ENCODES its data, for many reasons including Keeping Smaller files.. and the same reason as #3..and DMCA again.

    I suggest MORE then 1 type of backup and STORE in more then 1 location, Preferably OFF SITE..

    2 years of RECENT data lost??
    I hate windows backup..The program I wish them to make, isnt easy. I would rather backup DATA/PROGRAMS/OS separately.. At this time, I would prefer a SECOND program, not one builtin to a PROGRAM, to do a manual backup of DATA..I dont like SERVICES that claim they can SAVE your data, and would rather keep my OWN copy, as well.

    A full system backup 1 timer per month, is the LEAST that should be done. but requires access to a GOOD sized NAS..that ONLY connects to the system at the TIME of backup..keeping 2-3 NAS backups can save allot of time, and a FULL system Backup/Everything is the best. you RELOAD windows, and then reinstall the WHOLE BACKUP..

    Im from the OLD school, when BUMPING your computer was reason to REINSTALL EVERYTHING..

Comments are closed.