Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients

Delaware medical practice Brandywine Urology Consultants has revealed that a ransomware attack on January 25, 2020 led to the encryption of files on its servers and computers. The extent of the attack was limited and the practice’s electronic medical record system was not impacted. No medical records were exposed or infiltrated in the attack.

The practice moved quickly and took steps to address the attack and reduce the harm caused. After securing its systems, a complete scan was carried out to ensure no malicious software or code remained and it was determined that the attack had been completely dealt with.

A third-party security firm was hired to thoroughly investigate the attack and determine whether the attackers had gained access to or stolen patient data. While many ransomware gangs conduct manual attacks and steal data before deploying their ransomware payload, the investigation suggests this was an automated attack that was carried out with the sole aim of encrypting files to extort money from the practice.

The investigation into the hack is ongoing but, to date, no proof of unauthorized data access or data theft has been located. However, it was not possible to rule out unauthorized data access, so notification letters are now being sent to all patients whose protected health information was stored on the parts of the system that were targeted.

The substitute breach notice on the Brandywine Urology Consultants web portal revealed that the types of information that may have been infiltrated included names, addresses, Social Security numbers, medical file numbers, claims data, and other financial and personal data.

The IT security company and the practice have been reviewing security protections, policies, and procedures, and steps have been taken to improve security to ensure the integrity of the practice’s systems and stop future data breaches. The central server deployed in the practice has been replaced and any computers impacted by the attack have either been re-imaged or replaced. Antivirus software has been updated and penetration tests are being carried out to identify any other areas where security needs to be enhanced.

The breach summary published on the HHS’ Office for Civil Rights breach portal states that 131,825 patients were potentially affected by the attack.

Author: Maria Perez