22,000 patients affected by ransomware attack on Cleveland Medical Associates
Cleveland Medical Associates began notifying 22,000 of its patients of an April 21 ransomware attack that may have compromised patient data.
The compromised computer was both locked and encrypted, and there is currently no evidence the patient data was impacted.
The attack did not impact patient care at Cleveland Medical.
The potentially compromised data contained patient names, Social Security numbers, clinical information like medical records, insurance billing data, addresses, phone numbers and email.
The team was unable to determine with “reasonable certainty,” if there was unauthorized access to patient data. The medical center is offering a year of free credit monitoring to all affected patients.
Cleveland Medical has implemented a new medical records system following the event and is analyzing security procedures. Officials said the organization hired a forensic investigation firm to determine the extent of the attack’s reach.
“While we believe the motivation behind this incident was extortion, and we don’t believe your protected health information was specifically targeted, our computer server containing medical information was affected,” officials said in a statement.
Cleveland Medical is one of the many organization’s heeding the updated U.S. Department of Health and Human Services’ guidelines that state the burden of proof when it comes to determining if there was a breach of patient data during a ransomware attack is on the provider.
2017 has seen a steady increase in provider’s accurately reporting ransomware attacks as breaches.
During a ransomware attack, hackers use malware to seize control of data that effectively denies users access. “By definition, the ransomware attacker has obtained unauthorized access to the PHI by the act of encrypting it,” Steven Gravely, partner with Troutman Sanders.
“In many instances, the attacker retains the data and sells it on the black market even if the ransom is paid and access to the target system is restored,” he said. “These are the reasons why OCR guidance advises that any ransomware attack is presumed to be a reportable breach.”