California Hospital Issues Notification of Major Cyber Attack
The Center for Orthopedic Specialists (COS) has notified some 85,000 past and present patients of its three California facilities of a ransomware attack on its IT vendor that encrypted patient records.
The attackers sought payment to decrypt the patient data. So far, COS has not said whether it paid the ransom.
According to the COS notification statement, “Malicious software was used to gain access to and encrypt patient data in our system in the hopes of getting COS to pay money to restore access to the patient data. To the best of our knowledge, no patient information was removed by any unauthorized party as a result of this event. However, out of an abundance of caution, we are notifying all patients whose information was stored on the compromised system.”
Events apparently unfolded as follows. A third-party technology vendor that provides COS with information technology (IT) services alerted COS that an unauthorized party had illegally accessed COS’s computer network. Working with the IT vendor, COS launched an investigation into the matter. The investigation determined that the unauthorized party began attempting to access the system on Feb. 18, 2018.
The IT vendor indicated that the affected system was permanently taken offline before any patient information could be removed by the unauthorized party.
The COS spokesperson noted that the patient data that was encrypted by the unauthorized party could have included a patient’s name, date of birth, details about their medical records, and Social Security number. “To the best of our knowledge, no patient information was downloaded or removed by the unauthorized party.”
COS notified law enforcement and launched a criminal investigation.
As an extra precaution, COS indicated it has arranged to have ID Experts provide identity protection services for 24 months at no cost to its patients. “This service is optional but we strongly encourage our current and former patients to take advantage of the benefits it provides,” said COS.
For any patient concerned about identity theft, COS recommends regularly reviewing statements from their accounts and health care providers, and periodically obtaining a credit report from one or more of the national credit reporting companies.