DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MO: Blue Springs Family Care notifies 44,979 patients after ransomware attack

Posted on July 26, 2018 by Dissent

I read an article recently that cited a study by Cryptonite claiming that according to HHS’s breach tool, it appears that ransomware attacks are down in the healthcare sector this year.  My mental response was just to shrug because I’ve already declared time of death on using HHS’s breach tool as any kind of serious source on breaches in the healthcare sector.  But here’s a scary thought:  if reports are down, could it be because more entities are paying the ransom and not reporting or disclosing the incidents?

Anyway….

Blue Springs Family Care in Missouri reported a ransomware incident to HHS this month that affected 44979 patients.  Of course, HHS’s breach tool does not indicate whether a hack involves ransomware, but BSCF issued a notice on their web site that indicates that on May 12, their computer vendor determine that the system had suffered a ransomware attack.

The notification does not indicate what type of ransomware or what the ransom demand was.  Nor does it explain how the ransomware was injected into the system (notifications are not required to include such information, but those of us who track breaches would always love to know).  Intriguingly, the notification includes a statement that “The investigation found indications that unauthorized persons had compromised the Blue Springs computer system and loaded a variety of malware programs, including the encryption program responsible for the ransomware attack.” Curious minds want to know whether these programs were all part of one attack, or if a number of attackers had been able to inject malware over time.

The incident has already been reported to HHS and appears on HHS’s breach tool.

Here is their notification from their site:

BSFCBS

Related posts:

  • Calling time of death on HHS’s “breach tool”
  • Blue Cross Blue Shield Association to offer all members nationwide free identity theft protection service
  • Yet another mailing error from Blue Cross Blue Shield of Florida?
  • Healthcare most breached industry in 2011? Not by my analyses.
Category: Health DataMalwareU.S.

Post navigation

← UK: Patient data breach after bag stolen at Poole Hospital
SC: Roper Hospital patient records in courier’s stolen car →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.