Urgent Care Clinic of Oxford is notifying patients seen prior to August 2, 2016 of what sounds like a ransomware attack.
In their notification letter, they say that sometime in early July, their server was hacked. The breach was discovered on August 2nd when staff noticed the computer system running more slowly than usual. From their notification, it sounds like the clinic paid a ransom demand:
The hackers held the server for ransom before turning control back over to the Urgent Care staff.
Having remote desktop enabled may have given the hackers access:
After regaining control of the server, the clinic shut down the server’s remote access, which had been enabled for technical support for the clinic’s electronic medical records, so that no one can now access the server from outside the UrgentCare facility to prevent this type of event from happening again.
The clinic claims that a forensic investigation suggested that the attack was carried out by Russian hackers.
The types of PHI on the server included patients’ names, social security numbers, dates of birth, and other personal information, as well as any health information on file.
The clinic was unable to determine which patients, specifically, may have been affected by the breach, and urged all its patients to be vigilant in checking credit card accounts. They also offered them one year of credit monitoring.
It’s not clear why the clinic couldn’t determine which patients were affected, and the number of patients being notified wasn’t disclosed.
Actually, there are a number of points that aren’t totally clear. I wish this notification had been written more clearly as to what happened and their response and findings.