Rochester, Minn.-based Associates in Psychiatry and Psychology discovered March 31 ts files had been locked with a variant of ransomware that also disabled affected computers' system restore functions and reformatted the network storage device where the practice kept local backups.
The data stored on the affected computers included names, addresses, birthdates, Social Security numbers, treatment records and insurance data, but all information was encrypted.
Upon discovering the intrusion, all systems were taken off line for four days and APP launched an investigation. The organization said all evidence revealed no patient data had been viewed or copied — hackers merely wanted to collect a ransom from the facility.
According to BankInfoSecurity, the mental healthcare practice decided to pay the ransom, although the publication did not disclose how much the hackers demanded or what the practice paid. However, in an email to the blog databreaches.net, Steve Patton, IT director for the practice, said the hackers initially demanded 4 bitcoin, and APP negotiated it down to .5 bitcoin, or $3,673.78 as of May 30.
APP believes the hackers are from Eastern Europe and used a crypto-ransomware called Triple-M. The practice is working with the FBI to investigate the incident and recommends affected patients check their credit reports on a regular basis.
More articles on cybersecurity:
HITRUST releases certification program for NIST cybersecurity framework
1 in 3 healthcare organizations have suffered a cyberattack, 1 in 10 paid ransom: 6 things to know
UK hospital fires employee for viewing Ed Sheeran's patient information