Missouri-based health care provider Blue Springs Family Care has disclosed a ransomware attack resulting from a data breach that may have also compromised patients records — 44,979, to be precise, according to news reports [1, 2].
According to a letter publicly posted by the company, the perpetrators potentially had access to a variety of information, including patients’ full names, home addresses, birth dates, Social Security numbers, account numbers, driver’s license numbers, medical diagnoses, and disability codes.
The ransomware attack was discovered on May 12, at which point investigators determined that an unauthorized party intruded into Blue Springs’ computer systems and loaded “a variety of malware programs” including the malicious cryptor, the letter said.
“In response to this incident, we have taken steps to strengthen our defenses against similar incidents in the future,” the letter reads. “Immediately after discovery of the incident, we engaged a forensic information technology company to assist with quarantining the affected systems and to install software to monitor whether any unauthorized person was accessing the system. We also deployed new technology to prevent future intrusions, including a new firewall. Most recently, we are transitioning to a new electronic health record provider that will provide encryption of all protected health information.”