Cyber Incident Victim: Electronic Waveform Lab, Inc.
Date: Apr 2020
Location: United States of America
Summary
Electronic Waveform Lab experienced a ransomware incident impacting servers containing patient information, including names, addresses, diagnosis codes, and limited treatment details. The company initiated an investigation with law enforcement and external forensic assistance upon discovery, restoring affected systems without data loss. While the investigation could not confirm specific data accessed by attackers, the organization implemented enhanced security measures and established a dedicated support hotline for affected individuals.
Description
On April 11, 2020, Electronic Waveform Lab, Inc. detected a ransomware incident affecting certain computer servers containing patient information. The Huntington Beach, California-based company immediately initiated an investigation upon discovery and notified law enforcement authorities. An external forensic firm was engaged to assist with the investigation. While the investigation confirmed the servers were compromised by ransomware, it could not definitively determine whether attackers accessed or exfiltrated specific data during the intrusion. The affected servers stored patient names, physical addresses, medical diagnosis codes, and limited treatment information. Electronic Waveform Lab restored all impacted servers from backups and confirmed no data loss occurred as a direct result of the ransomware encryption. The company did not disclose the ransomware variant involved or the initial attack vector exploited by threat actors.

Electronic Waveform Lab publicly announced the incident on June 12, 2020, nearly two months after detection, through a press release and individual notifications. The company advised affected patients to scrutinize insurance statements and healthcare provider bills for unauthorized services, directing them to contact relevant providers immediately if discrepancies were found. A dedicated call center, reachable at (844) 963-2705 during Central Time business hours, was established for inquiries. The organization referenced unspecified security safeguards that were in place before the incident and stated it had implemented additional protective measures to strengthen system security, though no technical details were provided regarding these enhancements. An informational webpage (www.h-wave.com/privacy-incident-notice) offered general guidance about protecting personal health information but did not describe compensatory protections for affected individuals. The company did not report evidence of actual misuse of patient data or specify the total number of individuals impacted by the server compromise.
