Oregon medical group notifies 750,000 patients of ransomware attack

2021 has been the year that ransomware exploded, with healthcare facilities and schools bearing the brunt of attacks, so it shouldn’t come as a surprise to learn that the Oregon Anesthesiology Group confirmed this week that it was the victim of a ransomware attack.

The attack, which occurred on 11 July, compromised the personal information of 750,000 patients and 522 current and former employees. That includes:

  • Names
  • Addresses
  • Dates of service
  • Diagnoses
  • Medical record numbers
  • Insurance provider names
  • Insurance provider ID numbers

Additionally, employees’ Social Security numbers and other information contained on W-2 forms were compromised.

A forensic investigation into the attack revealed that the attackers had data-mined administrator credentials, which allowed them to access encrypted data on the organization’s network.

The FBI told Oregon Anesthesiology Group that the attackers most likely exploited a vulnerability in its third-party firewall to gain access to its network.

How did the organization respond?

The Oregon Anesthesiology Group said it didn’t pay the ransom, a decision that’s supported by cybersecurity experts. They frequently note that there is no guarantee that attackers will keep their word and return the stolen information once they’ve been paid.

Some experts also point to the ethical concerns involved in ransom payments. By paying up, you are encouraging criminal hackers to continue their attacks, and the money you give them is probably being used to fund those attacks.

Following the attack, the Oregon Anesthesiology Group reconstructed the affected IT infrastructure and restored its files using offline backups.

Plus, in a stroke of luck, the FBI informed the organization that it had seized an account belonging to the Ukrainian hacking group behind the attack and discovered the stolen data.

However, it’s unclear whether that was the only copy of the information.

What next?

The Oregon Anesthesiology Group continues to bolster its defences in response to the attack. It has replaced its firewall, extended its use of multi-factor authentication, reviewed its network access control policies, enhanced data and network segregation, and increased its use of Cloud-based infrastructure.

It has also hired a third party to conduct real-time security monitoring and provide advice on its security system architecture.

The use of third-party service providers is growing more common as the risks associated with cyber security increase and defence mechanisms get more complex.

You can find out how IT Governance USA can help protect your organization by speaking to one of our consultants.

Our team of experts provides a variety of services to help protect your sensitive data and help you respond effectively when a breach occurs.

From supporting you with writing policies and processes to implementing the appropriate technological defences, we can ensure that you’re prepared for any cybersecurity risk.