Texas’ ABCD Pediatrics recently began notifying its patients that their personal information may have been exposed when unidentified attackers infected its servers with ransomware.
On February 6, 2017, an employee noticed that a virus had begun encrypting the practice’s servers. The encryption process was slowed by the company’s anti-virus software, and ABCD’s IT company was able to take its servers offline and identify the virus as Dharma Ransomware, a variant of Crysis for which decryption tools are available.
“ABCD’s IT company reported that these virus strains typically do not exfiltrate (‘remove’) data from the server; however, exfiltration could not be ruled out,” the company said in a statement. “Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network.”
The IT company was able to remove the virus and all corrupt data from its servers, and successfully restored all affected data from a secure backup. “As a result, no confidential information was lost or destroyed, including protected health information,” the company said.
Potential Data Exposure
While ABCD says it never received any ransom demands or other communications regarding either the ransomware or any stolen data, the company can’t guarantee that no confidential information was viewed or stolen.
The data that may have been exposed includes 55.447 patient names, addresses, phone numbers, birthdates, other demographic information, Social Security numbers, insurance billing information, procedural technology codes, medical records and lab reports.
Prior to the attack, ABCD says, it had several security measures in place, including network filtering and security monitoring, intrusion detection systems, firewalls and anti-virus software.
“Following this incident, ABCD’s IT company located the source of the intrusion and implemented several measures to ensure this kind of incident does not occur again, which include state of the art cyber monitoring on its network,” the company said.
All patients are being offered free access to identity and credit protection from Equifax.
The Cost of an Attack
A recent Imperva survey [PDF] of 170 security professionals found that 32 percent of respondents said their companies had been hit by ransomware.
Fifty-nine percent of respondents said the biggest business impact of a ransomware attack was the cost of downtime due to lack of access to systems for customers and employees.
Twenty-nine percent said they would lose between $5,000 and $20,000 a day due to downtime from a ransomware attack, and 27 percent said the cost could be more than $20,000 a day.
“Even if victims have backup files or are willing to pay the ransom, the cost associated with productivity downtime adds up quickly,” Imperva chief product strategist Terry Ray said in a statement. “What’s more, the availability of ransomware-as-a-service, combined with high profits for the attackers, means ransomware attacks are likely to escalate in 2017.”
“The interesting thing about ransomware is how simple it is to execute and how easy it is to inflict damage,” Ray added. “Organizations tend to think of hacking as though it was rocket science, which always puts them on the losing end. The reality is that hacking is most often simple, and mitigating it requires proper attention and tools which do exist and are within reach of most enterprises.”