One of the bits of news that has been especially frustrating to watch in recent weeks is the spate of ransomware attacks and data breaches pulled off by utterly despicable hackers who’ve decided that healthcare-related operations represent juicy targets for their digital malfeasance.
Recent days have seen ransomware gangs attack Ireland’s health care system, knock New Zealand hospitals offline, and hit institutions like Scripps Medical in San Diego with a ransomware attack. Not that hacks should necessarily be judged on some kind of sliding scale from evil to less evil, but the ones noted above are truly horrible because they potentially put lives at stake. Same with a new data breach, reported this month by Rehoboth McKinley Christian Health Care Services, a health care nonprofit with locations in Arizona and New Mexico which disclosed a data breach affecting about 200,000 people including both patients and employees.
In a notice published last week, RMCHCS said that it “learned on February 16, 2021, that certain patient information may have been removed from its computer network as a result of potential unauthorized activity that it had been investigating. RMCHCS promptly engaged a third-party forensic firm to further investigate the incident and assist with remediation efforts.
“RMCHCS’ investigation has found that an unauthorized party was able to access certain systems that contained patient information and remove some data between January 21 and February 5, 2021. As a result of its review, on April 30, 2021, RMCHCS was able to identify the individuals whose information may have been involved and is notifying them of the incident and providing them with information about steps they can take to protect themselves.”
Unfortunately, data that was potentially exposed in this data breach includes people’s names, dates of birth, addresses and telephone numbers, as well as Social Security numbers and driver’s license information. Health care data on individuals was also potentially exposed, including health insurance details, medical records data as well as prescription and treatment information. The health care enterprise says it’s been notifying those affected, and it also stresses that not all of those same pieces of information may have been stolen from every individual affected.
This attack comes as ransomware attacks, in particular, have also been on the rise against health care institutions, the thinking possibly being that these victims can afford little if any downtime and that because lives are at stake, they might be more willing to pay up quickly. Scripps Health, noted above, is one such recent example — it’s in the fourth week of dealing with a ransomware attack right now, per The San Diego Union-Tribute. According to the paper, this attack has “snarled the organization’s digital resources from scheduling to patient care, forcing many to reschedule appointments while front-line medical professionals are forced to document their care in paper charts.”
Related coverage: