So the server you use to share files with clients got infected with ransomware and you paid the attackers to get the decryption key and recover seems to be going pretty well – you’re able to decrypt the data without any impact on the services you provide to clients…. and then, three days later, you realize:
that the attackers were inadvertently provided a file that contained personal information of IBU’s members, including Social Security numbers
Provided with the file ….how? And when? At the time of payment? Either way, this is not the kind of thing I’d want to be reporting to C-Suite or any clients if this was a mistake made during incident response. If the letter simply means that HMC discovered that one file on the server contained members’ SSN and they reported that to the client, okay, but the wording of the notification raises questions about what happened here.
Read the full notification letter from Health Management Concepts below. ”
health-management--20180823DataBreaches.net reached out to HMC to request an explanation of how this happened, and whether any patients of any clients had their protected health information encrypted by the ransomware, but received no response. This post will be updated if a response is received.