California and Illinois Clinics Discover Ransomware Attacks

Quantum Vision Centers and Eye Surgery Center patients located in Illinois are being contact to make them aware that some of their protected health information may have been illegally obtained in an April 2019 ransomware attack.

An unauthorized person obtained access to certain Quantum systems and deployed ransomware on April 18, 2019. The ransomware encrypted files, some of which included data such as names, dates of birth, addresses, health insurance information, and Social Security numbers.

A third-party computer forensics company has been contracted to help determine the nature and scope of the attack. The investigation is ongoing, but it is believed that the malware was not used to illegally obtain any patient date. The sole aim  of the attack appears to have been to steal money from the business.

Encrypted files are now being restored and backup measures have been implemented to ensure services can go on to being given to patients, albeit with some disruption.

It is currently not known exactly how many patients have been impacted. Affected individuals have been offered 12 months of credit monitoring services for free.

In a separate data attack, Marin Community Clinics in California has suffered a ransomware breach that caused considerable disruption to its IT systems last week.

The attack took place between 9pm and 10pm on Wednesday, June 19 and lead to widespread file encryption. A ransom demand was sent out and, after consulting with its network operator, Marin Community Clinics paid an unknown percentage of the ransom demand.

Computer systems were taken out of action due to the attack. Even with the keys to unlock the encrypted files, recovery has taken many days. All computer systems are hoped to be brought back into action by Saturday 22, June.

Medical services went on being provided to patients while computer systems were down and the hospital was working in emergency mode. Patient information was recorded on paper and will be moved over when systems are brought back online. The data recovery process is progressing and major data loss is not expected.

CEO for Marin Community Clinics’  Mitesh Popat informed the Marin Independent Journal that no patient data was impacted and major data loss is not expected; however, there may be minor data loss for certain patients due to the data recovery process.

It is currently not known exactly how the ransomware was introduced and for how long the cybercriminals had access to its systems before the deployment of ransomware.

Author: Maria Perez