Cyber Incident Victim: Family Medicine Shady Grove
Date: Aug 2022
Location: United States of America
Summary
A Pennsylvania dermatology practice experienced unauthorized network access, compromising personal and health information of over 33,000 individuals. Exposed data included names, birth dates, addresses, diagnoses, and insurance details. The organization detected suspicious activity, initiated an investigation, and confirmed the breach's scope without evidence of data misuse. Affected parties were notified to enable protective measures, while the practice committed to enhancing its cybersecurity protocols through policy reviews.
Description
The Family Medicine Shady Grove (FMSG) cyber incident involved a ransomware attack that compromised the organization's internal on-site server, affecting 6,482 individuals. The attack did not impact patient medical records, which were stored on a cloud-based EMR system, but did disrupt operations. The incident highlights the importance of robust cybersecurity measures to protect against ransomware attacks and ensure business continuity.

The attack was first discovered on August 9, 2022, and FMSG promptly began an investigation to confirm the nature and scope of the incident. The investigation determined that an unauthorized party had accessed certain systems on FMSG's network, including files containing patient information. The potentially impacted files contained names, dates of birth, addresses, Explanations of Benefits, and monthly billing printouts.
FMSG retained a computer forensics team and notified the FBI in response to the incident. The company was able to decrypt and recover its data by September 5, 2022, and secured its workstations and server, identifying no further vulnerabilities. FMSG had no evidence that any patient PHI was acquired, misused, or exfiltrated, but encouraged impacted patients to remain vigilant.
The incident highlights the need for organizations to prioritize cybersecurity and implement robust measures to protect against ransomware attacks. This includes regularly updating software and systems, implementing strong access controls, and providing employee training on cybersecurity best practices.
The incident also underscores the importance of incident response planning and communication. FMSG's prompt response to the incident and notification of affected individuals demonstrate a commitment to transparency and accountability.
The use of cloud-based EMR systems can provide an additional layer of security and protection against ransomware attacks. By storing sensitive data in a secure and remote location, organizations can reduce the risk of data loss and disruption.
The incident serves as a reminder of the ongoing threat of ransomware attacks and the need for organizations to remain vigilant and proactive in their cybersecurity efforts.
The FMSG incident is a prime example of how a ransomware attack can have significant consequences for an organization, even if patient medical records are not directly impacted.
