Thousands of patient records exposed after ransomware attack on CaptureRx

At least five healthcare providers were affected by the incident, which occurred in February.
By Kat Jercich
11:25 AM

Photo by Sora Shimazaki from Pexels

A ransomware attack on the healthcare administrative-service provider CaptureRx has exposed patient information from multiple provider systems.

According to reporting from HIPAA Journal, tens of thousands of patients from at least five health systems had their data stolen in the incident.  

"The investigation determined that, at the time of the incident, the relevant files contained first name, last name, date of birth, and prescription information," said CaptureRx in a press statement.

WHY IT MATTERS  

On February 6, attackers gained access to and acquired files that CaptureRx had received from healthcare providers.  

From February 19 through March 19, CaptureRx began reviewing the contents of the files to confirm the scope of affected individuals and associated covered entities. On March 30, it began notifying healthcare providers of the incident.

As HIPAA Journal reported, the full breadth of provider clients affected is currently unknown, but at least five have been affected:

  • 17,655 patients at Faxton St. Luke’s Healthcare in New York
  • 6,777 patients at Gifford Health Care in Vermont
  • 4,200 patients at Brownsville Community Health Center in Texas
  • An unknown number of patients at Lourdes Hospital in New York
  • 3,958 patients at Thrifty Drug Stores, a Midwest-based pharmacy chain  

ZDNet also reports that 7,400 patients at UPMC Cole and UPMC Wellsboro were affected.  

CaptureRx said that it had confirmed the security of its systems in response to the attack. It is reviewing all policies and procedures, along with conducting additional workforce training, to reduce the likelihood of a repeat occurrence.

Experts say healthcare providers present a juicy target for bad actors.  

"Besides intimate medical data nobody wants to have exposed, hackers can get their hands on other private information, such as patients’ home addresses, social security numbers, and banking information. If stolen, this data can end up in financial or identity theft scams," said Oliver Noble, a cybersecurity expert at NordLocker, in a statement sent to Healthcare IT News.  

THE LARGER TREND

Ransomware has been a pervasive threat in the healthcare industry for years, with sometimes hefty price tags: This past year, healthcare hackers demanded an average ransom of $4.6 million.  

But it's not just direct hits on health systems.

Sometimes (as with CaptureRx), bad actors target third-party vendors for side-door access to patient information. A recent attack on a radiation treatment software company impacted at least 170 hospitals and health systems across the country this past month.  

ON THE RECORD  

"You can always get a new credit card or change your leaked passwords, but your DNA is for life," said Noble.

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.