Jemison Internal Medicine discloses ransomware event
From their notification of February 16, 2018 to 6,550 patients, a reminder of the value of good backups. But yet another incident where investigation of a new incident uncovers evidence of a previously undetected intrusion:
Privacy Event at Jemison Internal Medicine, PC
Jemison Internal Medicine, PC (“JIM”) of Jemison, Alabama has advised its patients of a privacy event that may have compromised certain personal information. The incident is believed to be the result of criminal activity.
On December 20, 2017, JIM’s computer system was infected by a ransomware virus that encrypted its electronic medical record (EMR) software containing patients’ medical records. The ransomware demanded monetary payment from JIM in order to decrypt the files and allow the practice to regain access to them. JIM did not pay the ransom to the cyber criminals, but instead removed the virus by reinstalling the operating system on its server and then restoring its patient records from backup copies. Subsequent scans of the practice’s computer system have shown no additional indications of the ransomware.
JIM’s investigation of the incident did find, however, that the ransomware attack was launched by an unknown hacker who gained access to its computer system without its knowledge between September and December 2017. JIM has not found any confirming that the hacker actually accessed any files within its EMR system during the times he gained access, but it is possible that he could have done so. Therefore, JIM has chosen to notify all of its patients about the incident out of an abundance of caution. In that regard, it is possible that this unauthorized individual could have accessed files in JIM’s EMR system, which includes patient information, including names, addresses, telephone numbers, Social Security numbers, dates of birth, driver’s license numbers, treatment or procedure information, prescription information, and/or healthcare insurance information.