Great Plains Health was hit with a ransomware attack on Monday night, forcing the Nebraska hospital to launch downtime procedures as it attempts to recover its IT systems, according to local news outlet KNOP News 2.
The ransomware was first detected around 7 PM on Monday and was immediately identified by the information systems. Great Plains worked through the night to reduce the impact of the attack.
However, the hospital began canceling non-emergency appointments and other procedures on Tuesday, due to the attack and weather-related concerns. Those patients were notified to reschedule. Scheduled surgeries and some imaging procedures continued as planned.
Currently, Great Plains’ cybersecurity team is investigating the incident to determine the ransomware source, with help from the FBI and the State Patrol. The hospital is in full operation and continues to operate under downtime procedures, using paper for patient forms and communication between staff.
Email and traditional communication remain down. Officials said it could take days or even months to recover.
The Great Plains incident is the second ransomware outage reported in the past week. A cyberattack on IT vendor Virtual Care Provider shut out at least 110 nursing homes and their affiliated facilities.
Central Valley Regional Center Phishing Attack
A phishing attack on California’s Central Valley Regional Center potentially breached the data of 15,975 patients with intellectual and developmental disabilities.
On July 29, officials discovered a breach of an employee email account and disabled the account. A third-party forensics team determined multiple employees fell victim to a phishing scheme between July 25 and August 2.
The investigation determined the account contained patient health information, which varied by patient, including names, contact details, Social Security numbers, driver’s licenses and other state identification, health insurance information, medical data, and other personal information.
A small number of taxpayer ID numbers, usernames, email addresses, financial account or payment information, access codes or PINs, IRS PINs, or electronic identifiers were also contained in the compromised accounts. Officials said they could not rule out access or exfiltration.
All patients will receive a year of free credit monitoring and identity theft protection. CVRC has since bolstered its email security to prevent a recurrence.
IT Misconfiguration Exposes Data of Children’s Minnesota Patients
About 37,942 Children’s Minnesota patients are being notified that their appointment-related information was exposed and potentially accessed due to an IT misconfiguration of internal digital staff calendars.
On August 26, Children’s Minnesota discovered the calendars used by some of its staff were inadvertently configured to allow anyone from outside the hospital to view the appointments. The error was immediately fixed.
An investigation was launched with assistance from a third-party forensics firm, which determined some calendars had been misconfigured for a number of years. One calendar was left exposed beginning as early as December 2011. Officials said they couldn’t determine whether those calendars were accessed by outside parties.
The calendars contained a varying amount of patient information, including names, dates of birth, medical record numbers, account numbers, insurance details, procedure types, provider names, and appointment dates and locations.
Misconfigured databases continue to be a major pain point for the healthcare sector. A recent IntSights report showed many healthcare providers are leaving databases misconfigured or exposed, which makes it easy for hackers to obtain sensitive patient data. About 30 percent of the examined databases were exposed, amounting to 1.5 million records.
Remediating misconfiguration errors boils down to limiting credentials, using multi-factor authentication, standardizing data, monitoring access, and pen testing to get a sense of vulnerabilities. More importantly, organizations should limit database access to certain IP addresses.