Hackensack Sleep and Pulmonary Center did not pay the ransom, and it was able to recover its health records from an offline backup.
Hackensack Sleep and Pulmonary Center, LLC, in New Jersey recently announced that it fell victim to a ransomware attack in September. The clinic, which delivers sleep and pulmonary disorder treatment in northern New Jersey, says it is unaware of any data breach occurring in conjunction with the attack.
Its computer system was infected on September 24th, and the infection was discovered the next day. According to an official statement, the group immediately notified the New Jersey State Police Cyber Crimes Unit and hired a computer forensics investigator.
Hackensack Sleep and Pulmonary Center had an offline backup of its electronic medical records (EMR) data, which was unaffected, allowing it to restore files and resume regular operations. The center did not pay the ransom.
“We are confident that they are intact,” the statement says of their EMR records, adding that they have no reason to believe personal health data was improperly accessed by outside actors. “Typically, these ransomware programs do not seek to steal patient data, but instead are used to extort the parties hacked into paying money to recover locked files.”
The clinic did encourage patients to “remain vigilant against incidents of identity theft and fraud,” by reviewing their account statements, health insurance records, benefits forms, and social security correspondence for suspicious activity. The official statement includes a list of credit monitoring resources for interested patients.
“Please know we are doing everything we can to continue to monitor this issue, to safeguard your personal and health information, and to protect against future incidents,” the statement says.
Hackensack Sleep and Pulmonary Center’s actions seemed to follow many expert and law enforcement recommendations: The FBI “does not support paying a ransom to the adversary,” because, “Paying a ransom does not guarantee the victim will regain access to their data.”
The attack came towards the end of a summer marked by noteworthy ransomware attacks against healthcare organizations. It began in May, as the colossal WannaCry attack wreaked havoc on companies worldwide, briefly paralyzing parts of the UK’s National Health Service. In June, the NotPetya attack halted operations at a Merck facility and affected a handful of hospitals in the United States, either directly or through essential third-party software providers. And after a brief hiatus, the Locky ransomware strain surged in late August and September, causing thousands of infections worldwide.
Healthcare organizations are a valuable target for cybercriminals. While many ransomware attacks are random, there have been cases in which actors have intentionally infected hospitals, knowing that the importance of their work and the value of their data may make them more willing to pay the ransom.