Ransomware Attacks on Monterey Health Center and Magnolia Pediatrics

A ransomware attack on Monterey Health Center in Milwaukie, OR, which started on August 12, 2019, encrypted its electronic health records system and made patient data inaccessible.

With the help of a third-party vendor, Monterey Health Center was able to restore all patient information immediately and continued providing patient care. It is uncertain whether the center recovered the health records from backups or paid the ransom demand.

A third-party forensic team investigated the incident to ascertain whether the attackers copied patient data. The investigation found no proof of data exfiltration, but unauthorized information access cannot be absolutely ruled out. Thus far, no reports of patient data misuse have been received.

The information potentially compromised included: names, addresses, birth dates, driver’s license numbers, Social Security numbers, healthcare histories, diagnoses, laboratory test results, treatment data, prescribed medicines, medical insurance data, claims data, and financial account details.

All people impacted by the breach received notifications and instructions on how to improve security. Third-party experts, together with the health center, will continue to make sure that systems stay secured and that patients' health and personal data are protected from unauthorized access.

Magnolia Pediatrics Patients Affected by Ransomware Attack

A ransomware attack on Magnolia Pediatrics in Prairieville, LA, on August 23, 2019, affected patients’ protected health information (PHI) when files were encrypted.

A third-party computer forensics company assisted the pediatric practice with the investigation and found that no patient information was removed from the systems at the time of the attack. Although data theft is not suspected, unauthorized data access and/or data theft cannot be absolutely ruled out.

The patient information contained in the encrypted computer system included names, addresses, phone numbers, health record numbers, Social Security numbers, clinical data, diagnoses, laboratory test results, prescribed medicines, medical histories, medical insurance details, dates of service, and treating doctors’ names.

Magnolia Pediatrics reported the incident to the Federal Bureau of Investigation, and an investigation of the attack is ongoing. The practice has taken steps to strengthen security and prevent similar attacks in the future. All affected patients have already received breach notifications.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone