Data of Nearly One Million Patients Exposed in Ransomware Attack | ||
| DESCRIPTION | ||
According to the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), there have been nearly 5,000 healthcare related data breaches reported between 2009 and June 2022. One of the latest incidents involved Practice Resources, LLC (PR LLC). On August 4, 2022, they reported a data breach to the California Attorney General’s Office. The breach involved information belonging to 942,138 patients from some 28 hospitals and physicians’ offices. PR LLC is based in New York and provides billing and other professional services to healthcare organizations. This incident is an example of a supply chain attack in which a third-party vendor is attacked, thus exposing the data of its customer organizations. Some of the data that was compromised included the names, addresses and contact information of patients that were billed by PR LLC. It also included dates of treatment, health plan numbers and medical record numbers. The incident currently ranks as the sixth largest reported data breach pertaining to the healthcare industry in 2022. | ||
| IDENTIFY INDICATORS OF COMPROMISE (IOC) | ||
The breach was the result of a ransomware attack targeted on the company’s network. Ransomware attacks today typically involved the exfiltration of data just prior to encrypting the data repositories. This gives the attackers a second means of extortion by threatening to publish the data. It can also serve as an alternative income source by selling the data on the dark web. While the company cannot confirm that the data was compromised, they are taking the precaution that it was. | ||
| CONTAINMENT (If IoCs are identified) | ||
The leadership team of PR LLC immediately attained the services of an independent cybersecurity team to investigate. The forensic team performed a thorough investigation of the ransomware attack to determine the nature and scope of the attack. Since then, PR LLC has implemented additional security measures and enhancements in hopes of preventing similar attacks in the future. The company has sent out notification letters to all patients that may have been impacted by the breach. | ||
| PREVENTION | ||
Due to the complexity of networks today and how companies share network resources with third party organizations, there are more interlaced digital supply chains and that means more potential for illegal breaches. Enterprises are encouraged to use a zero-trust strategy to secure their network systems. A zero-trust security model reverses the traditional mantra of “trust but verify” to one of “never trust, always verify.” In the past, users were trusted to move laterally throughout the network once they were authenticated. Using a zero-trust model, users, services, applications, and devices are continually validated to prove their legitimate right of access. Zero-trust modeling extends into service providers and vendor partners. Always inquire about your partners’ implemented security policies and strategies. You should understand the steps they take to protect their environment because an attack on them can quickly expose your data as well. | ||
You can strengthen your Incident Response Readiness (IRR) to prepare for an attack. A security assessment will help identify areas of risk and opportunities for improvement to prevent or limit the impact of a successful malware attack. |