Florida-based FABEN Obstetrics and Gynecology was hit with a ransomware attack in November, which encrypted server files and caused some data to be permanently lost.
To avoid losing important files to a ransomware attack, having a secure storage system and a reliable backup are highly recommended.
At SkyFlok, we neutralize the effects of ransomware by keeping an unlimited number of file versions for each of your files. If an attack occurs, you can recover in no time to the appropriate and uncorrupted version. We give you immediate access to your files.
On November 21, officials discovered a GandCrab ransomware infection on a server containing patient files from January 2007 through April 2017. The variant is spread through malvertising campaigns that direct users to a site infected with an exploit kit, then targets Adobe Flash or Windows VBScript engine vulnerabilities to install the malware.
GandCrab infected 50,000 systems in the first three weeks of the first quarter of 2018.
Upon discovery, officials said they deleted the infected files to mitigate the effects of the attack. FABEN stressed that data was not exfiltrated, accessed, nor sent from the infected server. Further, only data from January 2007 to April 2017 was impacted.
Officials were able to restore diagnoses and treatment information, such as patient visits, and labor and delivery from that timeframe.
The trouble is that while most patient records were backed up and restored, “certain records are not recoverable.” Those files included items that were manually scanned into the system by FABEN and some information from medical charts created between Sept. 11, 2014 and April 10, 2017, such as patient visits, and labor and delivery.
As a result, FABEN permanently lost files including blood sugar logs, blood pressure logs, Family and Medical Leave Act documentation, and medical records provided to the OB-GYN in paper form during that time period.
All 6,092 patients who visited FABEN from September 2014 and April 2017 are being notified.
“Receipt of this notification doesn’t necessarily mean that any of your records are compromised,” officials said in a statement. “However, there is a possibility that certain files concerning your care and information, as described above, were deleted and or compromised as a result of the ransomware.”
Officials recommended that those impacted patients maintain copies of all of their paper medical records. Further, many of the permanently lost files were actually brought in by the patient, so officials said those patients should consult with FABEN to determine what files are missing and can be replaced.
FABEN is still conducting its investigation and cooperating with law enforcement, while working with private security consultants.