A few days ago a cybersecurity incident that affected the systems of dozens of schools in the state of Louisiana, US was reported. Now, network security experts report that Imperial Health, a network of doctors providing health services to more than 100k people in this state, suffered a ransomware attack that compromised a percentage of the data storage in their systems.
An unidentified actor reportedly
managed to inject the malware into the firm’s networks, so a database was
encrypted; the ransomware
was detected last May 19.
The compromised database contained
personal and health information for about 116k patients. Although network
security specialists have been unable to determine whether the attackers were
able to extract the information from the database, the firm decided to inform
users potentially affected by this incident.
Although each patient’s records
vary, they generally all contain data such as:
- Full
names - Addresses
- Phone
numbers - Social
security numbers - Clinical
details of the patients
After detection, the incident was
reported to authorities, and the firm offered to assist in the investigation.
According to the latest update on the incident, Imperial Health managed to
completely remove ransomware from its networks, in addition to restoring its
data successfully. A company spokesman added that Imperial Health is about to
implement new antivirus software to prevent similar incidents in the future.
A few days ago, multiple IT
systems in academic institutions in Louisiana, US, were attacked with an
unknown malware variant. So far no attacks have been identified against other
sectors.
The incident was so serious that
John Bel Edwards, the state’s governor, issued an emergency alert after the security
breach was discovered. As a result, the authorities will be able to allocate
public resources to resolve the incident. This is the first time the Louisiana
government has launched a cybersecurity emergency alert, according to network security
specialists.
Unfortunately this is not the only recent
cybersecurity incident in health organizations. A few days ago, the
Philadelphia Department of Mental Health and Intellectual Disability Services
(DBHIDS) announced the loss of a laptop that stored confidential information
for about 1,500 patients; according to network security specialists, the laptop
was password protected but the information was not encrypted.
Supposedly, the laptop was inside a
briefcase that an employee misplaced on public transportation. The device
contained personal details such as names, dates of birth, and some clinical
details about patients. According to specialists from the International
Institute of Cyber Security (IICS) the nearly 2,000 affected patients were duly
notified, and will also receive one year of information monitoring services at
no cost.
The user of the lost laptop violated
the organization’s policy, which dictates that all portable devices in the
company must have encryption. The DBHIDS announced that it would begin an audit
to find other devices without proper protections.
