All data was rescued following an internal investigation

Nov 8, 2018 20:15 GMT  ·  By

Altus Baytown Hospital (ABH) was hit by a ransomware attack on September 3, 2018, with a lot of documents containing patient info being encrypted and the attackers requesting a ransom to unlock the hospital's data.

As reported by ABH, "Although our electronic health records were not impacted, some of the affected files contained patient information, including patient names, home addresses, dates of birth, social security numbers, driver license numbers, credit card information, phone numbers, and medical information."

Subsequently, ABH began an internal investigation to determine the circumstances that lead to the unauthorized party gaining access to the hospital's systems and infecting them with malware.

To do that ABH also hired risk and security consultants to help with decrypting and restoring the locked files. The outside IT specialists "discovered that the malware was a strain of Dharma ransomware. ABH’s back-up files were successfully decrypted and all ABH files were restored."

The ransomware attack did not lead to any data being accessed or exfiltrated

Following the investigation, ABH says that their records were only encrypted and no evidence of any data being exfiltrated from their servers or accessed by thirds parties has been found.

According to ABH's breach notification, information pertaining to some affiliated and related entities was also on their servers when the attacked occurred with "Altus Women’s Center of Baytown, LP, Oprex Surgery (Baytown), LP, Clarus Imaging (Baytown), LP, Clarus Imaging (Beaumont), LP, Zerenity Baytown, LP, and Altus Radiation Oncology Baytown, LP" being the all other organizations affected by the incident.

After recovering all the encrypted files, ABH's external security specialists also removed the ransomware infection from the hospital's systems and helped the hospital to implement proper protection measures for preventing any other ransomware attacks from compromising their systems.

"Nevertheless, out of an abundance of caution, we recommend that all patients of ABH take immediate steps to protect themselves from any potential misuse of their information," also says ABH's alert, even though the ransomware attack did not lead to any data breaches.