A medical center in California has notified 67,000 individuals that their personal details may well have been uncovered in a cyber-attack.
In a letter dated December 8, Sonoma Valley Hospital advised patients that it was one of numerous American healthcare vendors victimized two months in the past in a huge-sweeping ransomware campaign.
“SVH skilled a ransomware cyber-attack on Oct 11, 2020 by what is considered to be a Russian threat actor,” wrote the hospital.
“This event was portion of a broader attack on dozens of hospitals across the country.”
The healthcare facility stated the attack was identified on the day that it transpired and that devices have been shut down right away in an exertion to decrease any hurt.
SVH explained that it employed exterior facts technology and forensics experts to support its individual cybersecurity crew mitigate the threats and adopted their tips to not fork out the ransom demanded by the attackers.
“After getting the attack, our cybersecurity team—in partnership with exterior facts technology and forensics experts—successfully prevented the cybercriminal from blocking our technique obtain and finally expelled them from our procedure,” mentioned SVH.
The medical center explained that prior to currently being booted out of their process, the cyber-legal(s) powering the attack “may perhaps have removed a copy of a subset of data.”
A forensic assessment of what the criminals could have accessed indicates that patients’ names, addresses, dates of birth, insurance provider team quantities, and subscriber figures may have been exposed.
Other details that could have been accessed by the criminals incorporated diagnosis or course of action codes, date of services, location of support, sum of declare, and secondary payer information.
“Primarily based on the stories of the forensics analysts, the medical center does not believe affected individual monetary information (these kinds of as credit rating card or social security numbers) was accessed, nor was individual info in the hospital’s digital health and fitness record method,” mentioned SVH.
The healthcare facility said that it is not mindful of any misuse or tried misuse of affected person health and fitness info, and healthcare facility forensics experts have searched for any likely re-disclosures.
Although surgeries, unexpected emergency treatment, and the hospital’s “Stick to My Health and fitness” affected individual portal have not been impacted by the attack, some diagnostic assessments had been disrupted.
Some pieces of this report are sourced from: