Primary Care Specialists, Inc Hit By Ransomware that Affected Patient Information

Media Division | May 10, 2017

The digital age has continued to provide high-value targets for cyber attackers. Because virtually every organization now stores data and assets on digital systems, attackers have an extensive range of options. Some hackers target information in order to steal it and commit fraud, but one of the most prominent types of attack is ransomware: encrypting data and demanding a financial sum for it to be released. Such is the case with an attack last month on Primary Care Physicians Inc in Memphis, Tennessee.

How the Hackers Accessed the Systems

It appears that a malicious hacker somehow obtained a login and password for the facility’s computers, which they then used to access the servers that contained patient medical records. According to IT manager Adam Berkenstock, the access lasted only around 5 minutes, but in that time the attackers were able to encrypt the data on two old servers. This made the data essentially unusable until it could be decrypted. At this point, the attackers demanded a Bitcoin ransom in exchange for the decryption key for the files, which Primary Care Specialists refused to pay. They instead reached out to the Department of Health & Human Services to have them investigate the incident. According to reports, the hackers appeared to be Russian, due to the language used, but a trace of the IP address returned the source as Norwegian.

According to a letter sent out to patients in regard to the incident, the information affected includes, “…name, address, date of birth, insurance/payment information, Social Security number, and medical information (diagnosis, medications, treatments, etc.)”. Berkenstock said that there does not appear to be evidence of the hackers stealing the data; rather, they appear to have gone after it only for ransom. This is somewhat fortunate, as all of this information could be used for a multitude of malicious purposes, including identity theft, fraud, or selling it on the black market. If the facility has maintained proper backups of the data, then restoring the information would be quite simple. And even though there does not appear to be any evidence of the hackers recording the information, PCS says that patients can place a fraud alert with a credit reporting agency in case any suspicious activity arises. They have also enlisted a call center to field any questions that patients may have in regard to the incident.

How Cyber Security Monitoring Can Help to Prevent Cyber Attacks

With attacks like the one above, it comes down to being able to detect the malicious activity as soon as it starts, so that it can be quickly addressed. This is where cyber security monitoring plays an extremely vital role. When an organization does not have proper cyber security monitoring in place, attackers can potentially access networks or systems without being detected for some time. Conversely, when there is proper monitoring in place, IT staff or an analyst will have constant awareness of the status of their networks and systems. They will also be alerted to any suspicious patterns or anomalies. This allows them to investigate the alerts and immediately mitigate or expel any activity found to be malicious. Many threats result in extensive damage or theft purely because they are able to remain in systems for quite some time before being detected, but cyber security monitoring helps to eliminate that potential. Massive Alliance’s comprehensive cyber security monitoring services can help to ensure the protection of the networks and systems of organizations of any size.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.