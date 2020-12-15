Infosecurity Group Websites
Latest
News

California Hospital Notifies 67k Patients of Data Breach

A hospital in California has notified 67,000 patients that their personal data may have been exposed in a cyber-attack.

In a letter dated December 8, Sonoma Valley Hospital told patients that it was one of several American healthcare providers victimized two months ago in a wide-sweeping ransomware campaign.

"SVH experienced a ransomware cyber-attack on October 11, 2020 by what is believed to be a Russian threat actor," wrote the hospital.

"This event was part of a broader attack on dozens of hospitals across the country."

The hospital said the attack was discovered on the day that it occurred and that systems were shut down immediately in an effort to minimize any damage. 

SVH said that it hired external information technology and forensics experts to help its own cybersecurity team mitigate the threats and followed their advice to not pay the ransom demanded by the attackers. 

"After discovering the attack, our cybersecurity team—in partnership with outside information technology and forensics experts—successfully prevented the cybercriminal from blocking our system access and ultimately expelled them from our system," said SVH.

The hospital said that before being booted out of their system, the cyber-criminal(s) behind the attack "may have removed a copy of a subset of data."

A forensic examination of what the criminals could have accessed indicates that patients' names, addresses, dates of birth, insurer group numbers, and subscriber numbers may have been exposed. 

Other details that could have been accessed by the criminals included diagnosis or procedure codes, date of service, place of service, amount of claim, and secondary payer information.

"Based on the reports of the forensics analysts, the hospital does not believe patient financial information (such as credit card or social security numbers) was accessed, nor was patient information in the hospital’s electronic health record system," stated SVH. 

The hospital said that it is not aware of any misuse or attempted misuse of patient health information, and hospital forensics experts have searched for any potential re-disclosures.

While surgeries, emergency care, and the hospital's "Follow My Health" patient portal have not been impacted by the attack, some diagnostic tests were disrupted.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Data Leak Exposes Details of Two Million Chinese Communist Party Members

2
News

SolarWinds: Our Office 365 Emails Were Compromised

3
News

DHS, CISA and NCSC Issue Warnings After SolarWinds Attack

4
News

Spotify Resets Passwords After Leaking User Data to Partners

5
News

Google Cloud Hires Goldman Sachs Man as First CISO

6
News

Russian Hackers Steal Data for Months in Global Supply Chain Attacks

1
News

Ohio Couple Sold Secrets to China

2
News

California Hospital Notifies 67k Patients of Data Breach

3
News

Twitter Fined Half a Million Dollars for Privacy Violation

4
News

Businesses Often Do Not Inform Customers of Tracking

5
News

#BSEC: Staying Alert to the Growing Dangers of Cybercrime

6
News

Millions of Medical Imaging Files Freely Accessible on Unprotected Servers

1
Webinar

2020 Cybersecurity Headlines in Review

2
Webinar

The Remote Workplace: Managing the New Threat Landscape with ISO 27001

3
Webinar

Insider Risk Maturity Models: Tales from the Insider Crypt

4
Webinar

Risk-Based Security for Your Organization: What You Need to Know

5
Webinar

Enabling Secure Access: Anywhere, Any Device and Any Application

6
Webinar

FTP, FTPS & SFTP: Which Protocol Should You Use, and When?

1
Blog

For Most Companies, Securing Remote Work is Unfinished Business

2
News Feature

Top Ten: News Stories of 2020

3
News

Norwegian Police Pin Parliament Attack on Fancy Bear

4
News Feature

The End of Adobe Flash: What Will Post-Support Life Look Like?

5
Interview

Interview: Tom Davison, Technical Director EMEA, Lookout Mobile Security

6
News

Cyber Helpline Receives Lottery Funding to Help Growing Number of Victims