A ransomware attack on People’s Injury Network Northwest (PINN) in Kent, WA, a physical rehabilitation provider for industrial rehabilitation patients, may have given the attackers access to patient information.
The ransomware attack, which infected three servers, took place on April 22, 2019. The company discovered the attack the following day and took the servers offline. It decided not to pay the ransom and to recover the encrypted files from backups. PINN states that it hopes to recover the majority of the information on the servers.
A computer forensics company investigated the incident to find out if the attackers accessed or stole any data on the servers. The investigators found no evidence that data was accessed or stolen; nevertheless, it wasn’t possible to rule out unauthorized data access or extraction. Therefore, on September 12, 2019, the company sent notifications to patients whose private and protected health information (PHI) was potentially compromised.
The breach impacted patients who received rehabilitation services from PINN until April 22, 2019. The information possibly exposed included the patients’ names, dates of birth, addresses, driver’s license numbers, and diagnosis details.
PINN offered the people affected by the breach one year of free credit monitoring and identity theft protection services via ID Experts. As per the company’s substitute breach notification letter, the attack potentially impacted 12,502 Washington residents.
Ransomware Attack on Berry Family Services
A ransomware attack on Berry Family Services in Rowlett, TX, a service provider to the disabled and their families, occurred on July 10, 2019, locking up its computer systems and encrypting customer data.
The ransom, the amount of which was not publicly disclosed, was paid to retrieve customer data and carry on with the support of the Texas Home Living programs and the Dallas and Rockwall Counties’ Home and Community-Based Services.
It is believed that the intent of the attack was to extort money and not to steal sensitive data; however, the possibility of unauthorized data access and extraction cannot be dismissed. The information possibly accessed only included the names of customers, dates of birth, addresses, Social Security numbers, health insurance data, and relevant health data.
The breach report sent to the HHS’ Office for Civil Rights stated that the ransomware attack potentially affected 1,751 patients. As a safety precaution, the affected people received free credit monitoring and identity theft protection services through Kroll for one year. Steps have already been taken to enhance protection against ransomware attacks and prevent similar breaches in the future.