I read an article recently that cited a study by Cryptonite claiming that according to HHS’s breach tool, it appears that ransomware attacks are down in the healthcare sector this year. My mental response was just to shrug because I’ve already declared time of death on using HHS’s breach tool as any kind of serious source on breaches in the healthcare sector. But here’s a scary thought: if reports are down, could it be because more entities are paying the ransom and not reporting or disclosing the incidents?
Blue Springs Family Care in Missouri reported a ransomware incident to HHS this month that affected 44979 patients. Of course, HHS’s breach tool does not indicate whether a hack involves ransomware, but BSCF issued a notice on their web site that indicates that on May 12, their computer vendor determine that the system had suffered a ransomware attack.
The notification does not indicate what type of ransomware or what the ransom demand was. Nor does it explain how the ransomware was injected into the system (notifications are not required to include such information, but those of us who track breaches would always love to know). Intriguingly, the notification includes a statement that “The investigation found indications that unauthorized persons had compromised the Blue Springs computer system and loaded a variety of malware programs, including the encryption program responsible for the ransomware attack.” Curious minds want to know whether these programs were all part of one attack, or if a number of attackers had been able to inject malware over time.
The incident has already been reported to HHS and appears on HHS’s breach tool.
Here is their notification from their site:BSFCBS