Brooklyn Hospital lost patient records after a ransomware infection

Another organization in the healthcare industry was a victim of a Ransomware attack, this time the victim is Brooklyn Hospital.

A ransomware attack has infected several computer systems at the Brooklyn Hospital Center in New York, the organization permanently lost patient data. The patient records encrypted in the attack include names and certain dental or cardiac images. The news of the attack was disclosed this week, but the incident took place in late July.

The hospital did not pay the ransom, it attempted to recover the data but without success.

The Brooklyn Hospital Center immediately investigated the incident with the help of a third-party digital forensics firm and confirmed to have taken “diligent remediation efforts.”

“Brooklyn Hospital Center in New York has announced that a security breach occurred in late July 2019 that resulted in malware being installed on some of the hospital’s servers.” reads the hipaajournal.com website.

“A third-party digital forensics firm was retained to assess the nature and extent of the malware attack and assist with the recovery of encrypted files. On September 4, following ‘exhaustive efforts’ to recover the encrypted files, it was determined that certain patient information was unrecoverable.”

According to the notice sent by the hospital, the organization failed to recover the data, this means that it lacks proper backup management policy.

“The Brooklyn Hospital Center (the “Hospital”) is providing notice of a recent data incident that may affect the security of certain patient information. In response to this incident, the Hospital conducted an extensive investigation and undertook diligent remediation efforts.” reads the notice. “Through this investigation, we found no evidence that data was accessed or acquired from our systems; however, based on the nature of the incident, we are unable to recover certain records related to specific patients. Therefore, we are notifying patients regarding this event and steps we have taken in response.”

The organization pointed out that not all patients are impacted by the ransomware attack, but it has yet to disclose the number of affected patients. Brooklyn Hospital managers highlighted that no patient data was exfiltrated from its systems.

“On September 4, 2019, the investigation confirmed that due to the malware, and despite exhaustive efforts by the Hospital to recover the data, certain patient data was unrecoverable.” reads the notice.

The hospital did not provide any details about the family of ransomware that infected its systems or the amount of money demanded by the crooks.

“The Hospital encourages those who may be affected to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits, and to monitor credit reports for suspicious activity and to detect errors.” concludes the notice. “Under U.S. law, adults are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Brooklyn Hospital, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]