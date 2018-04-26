Ransomware attack against California provider breaches data of 85,000 patients

Hackers hit the IT vendor of three Center for Orthopaedic Specialists locations in February, which locked out users and encrypted patient data.
By Jessica Davis
April 26, 2018
02:27 PM
Share
ransomware attacks

Center for Orthopaedic Specialists in West Hills, California. Credit: Google Maps

The California-based Center for Orthopaedic Specialists (COS) is notifying 85,000 of its current and former patients that a ransomware attack on its IT vendor may have breached their data.

Hackers launched a ransomware attack on COS computer systems, which impacted three of its locations in West Hills, Simi Valley and Westlake Village on Feb. 24. Hackers had locked down its system and encrypted patient data. 

Once discovered, the Center for Orthopaedic Specialists IT vendor took the system offline in an attempt to limit the damage and implemented preventative measures to prevent a future attack. 

[Also: The biggest healthcare data breaches of 2018 (so far)]

Impacted information includes demographic data, medical records, insurance information and Social Security numbers. Patients are being offered free identity protection services for two years along with protection from a $1 million insurance policy.

The investigation could not rule out whether data was exfiltrated, but officials said it doesn’t appear the hacker was able to do so.

This new ransomware attack is just the latest in a continuing trend of the ever-evolving malware. It pummeled the healthcare sector in the early part of the year, with attacks on Hancock Health that drove the Indiana provider to pen and paper, and the high-profile SamSam attack on EHR vendor Allscripts as well.  

While the Center for Orthopaedic Specialists did not name the IT vendor or reveal the ransomware strain involved, earlier this month the Department of Health and Human Services warned that the SamSam variant is targeting healthcare and “the ransomware risk to the sector is expected to continue for the foreseeable future.”

HHS recommends the use of data backups, along with contingency and business continuity plans to “ensure resilient operations in the event of a ransomware event.”

Healthcare Security Forum

The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Network Infrastructure, Privacy & Security
Share
View all comments 0

Top Story

mayo clinic Epic EHR
Top Story
Mayo Clinic set to go-live with $1.5B enterprise Epic EHR

Most Read

How does blockchain actually work for healthcare?
Nuance knocked offline by ransomware attacking Europe
Nuance still down after Petya cyberattack, offers customers alternative tools
Allscripts hit by ransomware, knocking some services offline
Blockchain's potential use cases for healthcare: hype or reality?
8 common questions about HL7

Research

White Papers

More Whitepapers

Connected Health
Privacy & Security
Privacy & Security

Webinars

More Webinars

Analytics
Financial/Revenue Cycle Management
Privacy & Security

Video

Allied Physicians Group Improve Patient Engagement with Solutionreach
HIMSS TV
HIMSS TV is live: Watch now
Adrienne Boissey
'We need to dream bigger'
HIMSS TV
Welcome to HIMSS18: Here's what attendees need to know

More Stories

ransomware attacks

Center for Orthopaedic Specialists in West Hills, California. Credit: Google Maps

Ransomware breaches data of 85,000 patients
epic EHR

Cape Fear Valley Health in Fayetteville, North Carolina. Credit: Google Maps

Cape Fear Valley Health moves to Epic and calls it a CHR, not EHR
precision medicine
The future of healthcare in 3 words
VA Secretary pick Ronny Jackson withdraws

U.S. Navy Rear Admiral Ronny Jackson meets with Sen. Jon Tester (D-MT) in his office on Capitol Hill April 16. Credit: Mark Wilson, Getty Images

Trump administration's VA Secretary pick Ronny Jackson withdraws
CMS interoperability
CMS: Taking health data sharing to new level
telemedicine

GlobalMed's telemedicine tool at a workplace clinic. Credit: YouTube

Senate finds telemedicine is crucial to opioid epidemic fight
Providers still struggle to put clinical data to use.
Clinical optimization: Liberating the data from EHRs
CMS meaningful use
The good and bad news with CMS's interoperability rule