Another ransomware attack has hit the area, this time affecting a large healthcare provider and its patients.
A data breach in December involving Community Care Physicians is impacting many of the 370,000 patients it serves. A letter that began arriving in patients’ mailboxes this week says their personal data may have been compromised and advises them what to do next.
Responding to a request for comment, CCP Director of Marketing and Communications Alexis Musto emailed WAMC a statement, saying "the data incident wasn’t with CCP or our systems, but with BST, our accounting firm. They were the victim of a ransomware attack on a network that included some of our data."
David Turetsky is a professor of practice at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany. "A ransomware attack is an attack that encrypts the data or system of the target and makes them unusable. The scheme is that they want to extract a ransom usually paid by a cryptocurrency such as Bitcoin in return for supplying the target with a key that would allow them to decrypt their data and have access to their data and systems again."
Recent area ransomware victims include UAlbany, the Town of Colonie, Albany International Airport and the city of Albany. Albany Mayor Kathy Sheehan flatly refused to pay. Rob Cheng is CEO and Founder of anti-virus maker PC Matic: "The reason why everything is escalating is because people are paying the ransom to the FBI says not to pay the ransom. But as people are paying the ransom that gives them money to go and invest in more ways to infect us and so we, our defenses, are not evolving at the same rate as their offense or revolving. That's why it's escalating."
Turetsky agrees. "If ransom was never paid then that wouldn't be a fruitful line of attack. On the other hand, there may be public safety and health and other considerations involved if the data is encrypted. And so an important consideration that sometimes gets weighed, is what sort of threat to life and health may be posed if the situation isn't resolved quickly and of course an overlay of this is that good preparation will generally lead to a faster resolution in the form of using backups and all the rest."
According to computing.co.uk, BST is among 25 victims of a ransomware initiative known as Maze, which the FBI had issued a warning about in early January. The website says Maze operators claim to have exfiltrated 25GB of data from BST.
Musto, with Community Care Physicians, added in her email that "Once it was determined the information may have included names, dates of birth, and CCP’s randomly assigned medical record numbers, and medical billing codes, BST worked with CCP to identify which patients were affected and ascertain these patients’ addresses from CCP’s records, since BST didn’t have that information, to notify these patients directly by mail. That was completed by February 5. Then, the notification process began and letters were mailed on February 14."
BST says Social Security numbers, credit card information and medical records were not affected and patients whose records were exposed are being offered one year of identity monitoring with Equifax.
If CCP patients have questions or would like additional information, they may call BST’s dedicated assistance line at 866-977-0784 (toll free), Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time.