Aftermath of South Dakota Medical Facility Ransomware Attack
In February of 2017, Plastic Surgery Associates of South Dakota was hit with a ransomware attack. The malware left medical records encrypted, completely unavailable to staff. The medical facility reached out to third-party investigators for assistance. However, in April, all evidence was lost. Therefore, it is unclear if the ransomware attack led to a data breach. If patient data was taken, it included:
- Patient names
- Social Security numbers
- Birth dates
- Medical diagnosis
- Lab results
- Insurance information
- State/License numbers
- Credit and debit card numbers
If this information was leaked — the hackers have a plethora of data to exploit these patients. Not only could they steal their identity, they could rack up fraudulent charges on their credit/debit cards. Hackers could also fraudulently represent insurance companies, claiming additional funds are due for previous medical services, or “bill” for new services.
Plastic Surgery Associates made the following statement to Healthcare IT News,
“The confidentiality, privacy, and security of our patient information is one of our highest priorities. As part of our ongoing commitment to the security of protected health information in our care, we’re working to implement additional safeguards and security measures to enhance the privacy and security of information on our systems.”
Other Ransomware Attacks
To see a full list of ransomware attacks that have taken place this year, you can click here. We have also created a ransomware map, see below, of the ransomware attacks that have taken place in the U.S.