Cyberattacks on Ohio Eye Care Provider and NCH Healthcare System

A ransomware attack on Eye Care Associates, a fully integrated regional provider of eye care in northeast Ohio, in late July resulted to the shut down of its computer systems. Even after two weeks since the attack happened, its computer systems continue to be locked.

According to Mary Jo Silva, the Director of Operations, the attack took place in the morning of July 28, 2019. The provider has notified the Beaver Township Police Department concerning the attack as well as the company’s board.

There was a ransom demand received, although the attackers did not state any amount. The attackers still need to be contacted to know how much ransom is to be paid. Silva stated that the company has not contacted the attackers and has made no payments yet. Eye Care Associates is attempting to recover all the encrypted files using its backup with the assistance of its file storage service provider. Silva is expecting to bring back systems online in a few days. The incident investigators reported that there was no evidence indicating the theft of patient data. The Business Journal mentioned that the ransomware attack was initiated via email.

The attack brought about a major disruption of hospital operations. Booking of new appointments was not possible for two weeks since the breakdown of the appointment system. The hospital staff has been referring to its paper records whenever treating patients.

Phishing Attack on NCH Healthcare System
A phishing attack on NCH Healthcare System in Naples, FL resulted in the compromise of patient information. NCH Healthcare discovered on June 14, 2019 some suspicious activities in its payroll system. Third-party computer forensics specialists investigated the incident and found the compromise of several employees’ email accounts because they responded to phishing emails sent to them.

The attackers could have accessed or copied patient data contained in email messages and email attachments. NCH has notified the patients about the breach and gave them advice to keep track of their bank accounts and explanation of benefits statements for potentially fraudulent activities.

The number of NCH Healthcare System patients impacted by the breach is still unknown.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone