University of Southern California hospitals recover from ransomware attack

USC's Keck and Norris Hospital restored data within days of the incident and did not pay a ransom, an official said.
By Bernie Monegain
11:51 AM

Keck Hospital CEO Rodney Hanners said the investigation, which included the FBI, did not find any evidence that cybercriminals accessed or retrieved the encrypted data.  

The University of Southern California revealed that two of its hospitals were hit by a ransomware attack that encrypted hospital data on servers, making files inaccessible to employees.

“The attack was quickly contained and isolated to prevent the spreading of malware to other servers,” Keck Hospital CEO Rodney Hanners wrote in a statement posted on the USC website.

USC executives notified the FBI immediately after discovering the August 1 attack and began an internal forensic investigation, Hanners said in the statement. They also engaged Ernst & Young to review how best to investigate the matter.

“Within several days, we were able to remediate the incident and fully restore the data from the encrypted folders to the servers,” Hanners wrote in his memo. “No ransom was paid.”

The servers affected do not store Keck's electronic medical record system. Rather, many of the folders are departmental files that contain internal operational documents intended to be used and shared among hospital and clinic personnel, such as templates, training manuals, human resource materials and other information needed for hospital operations, according to Hanners.

“Our investigation has not revealed any evidence that data was retrieved or accessed as a result of this ransomware,” Hanners added. “Typically, ransomware is used to deny users access to their information in order to quickly extract money from the data owners – not to steal data. However, as a precaution, we are providing this notice to patients or other individuals whose health or other personal information was in the encrypted folders.”

Sensitive data included name and demographic information, date of birth, identifiable health information, including treatment and diagnosis for some patients, and in certain cases, social security numbers.

As a result of this incident, USC will further improve its security detection and response processes, enhancing audit and logging capabilities to better respond to potential threats, including ransomware malware, Hanners wrote.

He noted USC had already invested in additional tools to identify malicious traffic and would accelerate implementation and also explore how best to protect data at rest through encryption.

USC notified the California Department of Public Health, the California Attorney General and the U.S. Department of Health and Human Services' Office for Civil Rights of the incident. 
