Ransomware attack on CHI Health impacted 48,000 Lakeside patients

CHI Health Lakeside Hospital, based in Omaha city, announced on Sep. 27, 2019, that it suffered from ransomware attack that might have exposed Protected Health Information (PHI) of patients', according to Omaha World-Herald. Omaha is largest city in mid-western U.S. state Nebraska.

CHI Health comprises of 14 acute care hospitals, 5 out of those 14 hospitals were located in Omaha metro area. The ransomware attack on CHI Health possibly compromised PHI of around 48,000 patients.

The ransomware attack was discovered by the hospital officials on Aug. 1, 2019. The orthopedic clinic of CHI Health found on Aug. 1, 2019, that one database containing the electronic health records was encrypted by the ransomware. The orthopedic clinic said the ransomware attack has only affected an older Electronic Health Record (EHR) system containing the medical records of patients, who have received medical services prior to Apr. 2016 in Lakeside Orthopedic Clinic of CHI Health.

A detailed investigation about the attack has been launched. Although it is possible that the patient information was copied or accessed by attackers, no proof of unauthorized data exfiltration or data access was discovered. The officials of CHI Health also said that there is no proof of patient information getting misused. The ransomware attack looks like being conducted with the sole objective of extorting money from the CHI Health.

The information present in the compromised database included names of the patient, addresses, dates of birth, contact telephone numbers, Social Security numbers, diagnoses, treatment information, as well as other medical information.

A clinic of CHI Health sent letters to the patients informing them about this ransomware incident and also that their personal information might have been exposed in this incident, as per a CHI Health statement. This ransomware incident was reported to the Department of Health and Human Services' Office for Civil Rights along with other appropriate authorities.

As a precautionary measure, all the affected individuals were offered 1 year complimentary subscription to identity theft protection and credit monitoring services. Besides, the CHI Health has further taken measures to reduce likelihood of similar kind of breaches from occurring in future.

» SPAMfighter News - 10/24/2019