Indiana Ransomware attack at CarePointeENT


Ransomware attack in Indiana affects 49K patients

Hackers encrypted individuals’ electronic health records, potentially compromising their Social Security numbers, medical insurance information, and other data.

A ransomware attack on an Indiana-based ear, nose, throat, sinus, and hearing center this summer may have exposed the personal health information of nearly 50,000 people.
According to a report submitted to the U.S. Department of Health and Human Services Office for Civil Rights, 48,742 people were affected by the incident at CarePointe ENT.  
“We believe it is likely the attacker only wanted money and not the information on our computers but, in an abundance of caution, we are letting you know that your information was encrypted by the attackers,” said the health center in a notice to customers this past week.  
The ransomware attack, which took place on June 21, encrypted the electronic health records of tens of thousands of patients, said CarePointe.  
Those EHRs may have included individuals’ names, addresses, dates of birth, Social Security numbers (if provided), medical insurance information, and related health information.  
“Although we have no reports of misuse of your or anyone’s information, we encourage you to review the ‘additional important information’ section included with the notice mailed out,” said the health center.  
That section describes additional steps patients can take, including instructions on how to place a fraud alert or security freeze on credit files.
“As an added precaution, you may want to closely monitor your personal accounts for any suspicious activity,” said CarePointe.  
CarePointe did not elaborate in the notice as to whether it paid the ransom.
It did say, however, that it has taken steps to reduce the likelihood of future attacks, including increasing threat detection and restricting remote access. It has also established a toll-free call center to answer questions about the incident and related concerns.  
As ransomware attacks continue to hammer the health industry, experts have noted that their strategy is growing more sophisticated.
In addition to encrypting medical information, as took place at CarePointe, attackers are also increasingly threatening to release stolen data if additional funds are not provided.  
“It’s clear data extortion has become the most lucrative ransomware method used by cybercriminals worldwide, and the COVID-19 pandemic has certainly accelerated this shift,” said Crowdstrike researchers earlier this year.  
“While our investigation did not find evidence that your information has been specifically misused, we could not rule out the possibility that files containing some patient information may have been subject to unauthorized access as a result of this incident,” said CarePointe representatives.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.