California Hospital Notifies 67k Patients of Data Breach

Written by

A hospital in California has notified 67,000 patients that their personal data may have been exposed in a cyber-attack.

In a letter dated December 8, Sonoma Valley Hospital told patients that it was one of several American healthcare providers victimized two months ago in a wide-sweeping ransomware campaign.

"SVH experienced a ransomware cyber-attack on October 11, 2020 by what is believed to be a Russian threat actor," wrote the hospital.

"This event was part of a broader attack on dozens of hospitals across the country."

The hospital said the attack was discovered on the day that it occurred and that systems were shut down immediately in an effort to minimize any damage. 

SVH said that it hired external information technology and forensics experts to help its own cybersecurity team mitigate the threats and followed their advice to not pay the ransom demanded by the attackers. 

"After discovering the attack, our cybersecurity team—in partnership with outside information technology and forensics experts—successfully prevented the cybercriminal from blocking our system access and ultimately expelled them from our system," said SVH.

The hospital said that before being booted out of their system, the cyber-criminal(s) behind the attack "may have removed a copy of a subset of data."

A forensic examination of what the criminals could have accessed indicates that patients' names, addresses, dates of birth, insurer group numbers, and subscriber numbers may have been exposed. 

Other details that could have been accessed by the criminals included diagnosis or procedure codes, date of service, place of service, amount of claim, and secondary payer information.

"Based on the reports of the forensics analysts, the hospital does not believe patient financial information (such as credit card or social security numbers) was accessed, nor was patient information in the hospital’s electronic health record system," stated SVH. 

The hospital said that it is not aware of any misuse or attempted misuse of patient health information, and hospital forensics experts have searched for any potential re-disclosures.

While surgeries, emergency care, and the hospital's "Follow My Health" patient portal have not been impacted by the attack, some diagnostic tests were disrupted.

What’s hot on Infosecurity Magazine?