Four Months After Infection, Medical Facility Discloses Ransomware Attack

Ransomeware hit yet another medical facility.  On August 30, 2016, ransomware struck the Susan M. Hughes Center, impacted both office locations.  The Center is located in Glen Mills, Pennsylvania and Cherry Hill, New Jersey.  This attack impacted over 11,000 patient records.  However, the Center did not inform the patients of the security issue until late December, 2016.  According to databreaches.net, Susan M. Hughes Center officials made the following report to HHS,

“The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This notice is to inform you of an incident involving some of that information.

On August 30, 2016, we became aware of a ransomware attack of our computer system. We immediately began an investigation, reset passwords, removed the server from the system, and began using back up to our system. We engaged a leading forensic firm to assist in the investigation and we determined that an unknown person remotely accessed a server which contained files that may have included patients’ names, telephone numbers, dates of service, types of service or treatment, and amounts paid.

We have no indication that the patients’ information has been used in any way, but wanted to notify you of this incident and assure you that we take it very seriously.

We began mailing letters to affected patients on December 27, 2016, and have established a dedicated call center to answer any questions. If you believe you are affected but do not receive a letter by January 14, 2017, please call 1-866-263-4159 between 9 a.m. and 7 p.m. Eastern Time, Monday through Friday.

We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.”

To see a full list of ransomware attacks that have taken place in 2016, you can click here.  We have also created a ransomware map, see below, of the ransomware attacks that have taken place in the U.S. this year.

(Visited 45 times, 1 visits today)

One thought on “Four Months After Infection, Medical Facility Discloses Ransomware Attack

Leave a Reply

Your email address will not be published. Required fields are marked *