A ransomware attack encrypted the protected health information of patients in the New Jersey-based Hackensack Sleep and Pulmonary Center. This incident took place on September 24, 2017 but it was only discovered the next day. The attackers demanded ransom payment from Hackensack Sleep and Pulmonary Center in exchange for the key to unlock the encryption.
However, Hackensack Sleep and Pulmonary Center knew how to deal with ransomware attacks. They already had backup files of all patient information stored offline. So, the center was able to restore its patient files without having to pay ransom.
As with any ransomware attack, it is possible for the attacker to have data access. But ransomware attacks are not really about accessing or stealing data. Most ransomware are used to make data inaccessible so that the perpetrators can force the victims to pay them some money to get the key to unlock the encryption. Hackensack Sleep and Pulmonary Center believed that the purpose of the attack was to encrypt data and get ransom. There is no information that would show data was viewed or stolen by the attackers.
Included in the encrypted information are the names, dates of birth, addresses, Social Security numbers, diagnoses, procedures, notes, patient reports, insurance information, account information and credit card numbers. To get the complete details of the incident, Hackensack Sleep and Pulmonary Center hired a forensic expert. Additional security protection has been recommended and the center will implement what is necessary so that a similar ransomware attack won’t happen again.
Hackensack Sleep and Pulmonary Center already notified the Department of Health and Human Services’ Office for Civil Rights, the New Jersey State Police Cyber Crimes Unit and impacted individuals about the breach by mail. The OCR published in its breach portal that 16, 474 patients were affected by the ransoware attack.