A hospital in California has notified 67,000 people that their own facts may have been uncovered in a cyber-attack.
In a letter dated December 8, Sonoma Valley Clinic advised people that it was a person of numerous American health care suppliers victimized two months in the past in a extensive-sweeping ransomware campaign.
“SVH skilled a ransomware cyber-attack on October 11, 2020 by what is believed to be a Russian menace actor,” wrote the medical center.
“This event was part of a broader attack on dozens of hospitals throughout the country.”
The healthcare facility explained the attack was found out on the day that it occurred and that programs were being shut down straight away in an work to lower any hurt.
SVH said that it employed external information technology and forensics specialists to assist its possess cybersecurity staff mitigate the threats and followed their assistance to not fork out the ransom demanded by the attackers.
“After discovering the attack, our cybersecurity team—in partnership with outside the house facts technology and forensics experts—successfully prevented the cybercriminal from blocking our method accessibility and eventually expelled them from our program,” claimed SVH.
The hospital mentioned that in advance of being booted out of their method, the cyber-legal(s) guiding the attack “may well have eliminated a copy of a subset of facts.”
A forensic evaluation of what the criminals could have accessed signifies that patients’ names, addresses, dates of birth, insurance company group numbers, and subscriber quantities may have been exposed.
Other details that could have been accessed by the criminals provided diagnosis or process codes, date of service, area of services, total of assert, and secondary payer facts.
“Based mostly on the studies of the forensics analysts, the medical center does not think affected person monetary information (this kind of as credit history card or social security figures) was accessed, nor was affected individual info in the hospital’s digital wellness document technique,” stated SVH.
The clinic said that it is not conscious of any misuse or tried misuse of individual health and fitness info, and medical center forensics authorities have searched for any possible re-disclosures.
Even though surgical procedures, unexpected emergency care, and the hospital’s “Follow My Well being” patient portal have not been impacted by the attack, some diagnostic tests were disrupted.