A ransomware attack on Bayamón Medical Center and Puerto Rico Women and Children’s Hospital impacted over half a million patients residing in Bayamón, Puerto Rico.
A July 19, 2019 press release stated that the medical center and associated hospital discovered the ransomware infection of their computer systems on May 21, 2019. The ransomware encrypted a big selection of files so that the hospital staff cannot access patient data for a short time period.
The healthcare providers sent notifications to about 522,000 present and past patients regarding the ransomware attack as a safety measure. The investigators of the attack confirmed the effect on patient data, but did not present any proof that there was unauthorized data access or theft.
The potentially compromised information included patient names, demographic data, clinical details, financial data, and for some patients, diagnosis details, birth dates, and Social Security numbers.
The ransomware attack merely made the data momentarily inaccessible, but now all patient data are recovered without loss of data. It is uncertain if the providers paid the ransom demand to get the encryption unlock keys or if they rebuilt the systems and restored the data using backups.
The Department of Health and Human Services’ Office for Civil Rights already received the report about the ransomware attack as two distinct breaches impacting 422,496 Bayamón Medical Center patients and 99,943 Puerto Rico Women and Children’s Hospital patients.
The is the most recent incident in a chain of ransomware attacks on healthcare companies. According to Malwarebytes data, ransomware attacks grew by 195% in Q1 of 2019. A recent report from Coveware indicates a 184% increase in ransomware attacks in Q2. Carbon Black just released its survey results that showed 66% of healthcare providers had a ransomware attack in the past year.
Unless ransomware attacks become unprofitable or attackers find another more profitable method, ransomware attacks won’t stop. Since attackers get tens of thousands of dollars in ransom payments, it is likely that attacks will grow much worse.