Mental health clinic NorthCare based in Oklahoma City, OK encountered a ransomware attack in June 2021 that led to the exposure of the protected health information (PHI) of patients.
NorthCare learned about the suspicious activity in its system on June 1, 2021, when ransomware began encrypting files. The ransomware attack investigation results confirmed the breach of Northcare’s system on May 29, 2021. The attackers quickly deployed ransomware to prohibit file access and sent a ransom demand to the victims for the file decryption keys.
Northcare quickly countered the attack with measures to manage the effect of the attack and eventhough file encryption could not be stopped, the health clinic was able to reestablish its network and data files using backup copies. The health clinic did not pay the ransom demand.
The attackers got access to sections of the network that kept the PHI of patients. Though there is no confirmation of data exfiltration by the investigators, NorthCare is doing the required steps as if the threat actors had obtained access to patient records. The types of data likely breached in the attack included the full names of patients, addresses, birth dates, clinical diagnoses, and Social Security numbers.
Because of the attack, Northcare sought the help of third-party forensics experts with the investigation along with remediation efforts. Northcare already informed the Federal Bureau of Investigation and is in collaboration with technical specialists to reinforce ite network security and minimize access.
Since the attackers likely accessed and obtained patients’ PHI, NorthCare has provided the persons impacted by the breach with 12 months free identity monitoring, fraud consultation, and identity theft restoration services.
The Maine attorney general received a breach notification indicating that the ransomware attack possibly impacted 127,883 patients’ protected health information.