Ransomware attack on fetal diagnostic lab breaches 40,800 patient records

The Fetal Diagnostic Institute of the Pacific was able to restore data from backups, and with help from a cybersecurity firm wipe the virus from the infected server.
By Jessica Davis
02:42 PM

The Fetal Diagnostic Institute of the Pacific was hit by a ransomware attack on June 30 that potentially breached the data of 40,800 patients.

According to the notice, hackers breached FDIP servers in June, which included some patient records. Officials took immediate action to contain the incident and enlisted a cybersecurity firm. They were able to successfully remove the virus, clean the system and confirm no malware remained.

The cybersecurity firm also installed further protections to better prevent future incidents. Fortunately, officials said FDIP had backups in place that they maintained for contingency and were able to restore the impacted data. Officials did not name the ransomware type behind the infection.

[Also: The biggest healthcare data breaches of 2018 (so far)]

The data of both past and current patients were impacted by the breach, including names, dates of birth, addresses, medical data and other types of information. Officials said FDIP doesn’t store the financial data of patients, like credit card numbers.

Reports of ransomware attacks have petered out in recent months. However, hackers still are targeting the industry in force. Hackers have seen the success of SamSam throughout 2018 and created a similar, highly targeted variant called Ryuk. It’s fairly new, but those attacks have already caused an estimated $640,000 in damage.

Education is crucial to ransomware prevention as often employees are the weakest links. Organizations should strive to build a culture of information security, which starts in the boardroom. But education needs to be paired with the right security tools and preventative measures.

Further, as the overwhelming majority agrees that organizations should not pay hackers the ransom, the right way to restore data is through offline backups.

Healthcare Security Forum

The Boston forum to focus on business-critical information healthcare security pros need Oct. 15-16.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.