About 13,000 patient records were compromised due to a ransomware incident that occurred June 1 at The Ambulatory Surgery Center at St. Mary in Langhorne, Pa., according to a Bucks County Courier Times report. However, the organization was able to use automatic file backups to restore its records without paying the cybercriminals responsible for the attack.
Once a network is infected, ransomware will encrypt files and lock users out, usually until a specified sum of money is paid. Ransomware has taken off in the past year among hackers, as it is effective and extremely difficult to trace, with the most noteworthy instance occurring in March at Hollywood (Calif.) PresbyterianMedicalCenter, which paid $17,000 to hackers after losing access to its EHR system for a week. The FBI and HHS recommend organizations do not pay up.
After coming across encrypted files in its internal network, the St. Mary Medical Center-owned organization sent notification letters to affected patients, according to the Bucks County Courier Times. In the letter, a hospital spokesperson said the organization could not guarantee patient records had not been accessed, and therefore is offering a year of free identity-theft protection and credit monitoring.
The organization is still investigating the source of the ransomware and stated in the letter that medical records were kept in a separate server and were not compromised.