California-based Sonoma Valley Hospital (SVH) has sent out data breach notifications to about 67,000 patients whose personal health information may have been compromised during a ransomware attack on October 11.
According to an update by the hospital, the cyber-attack is believed to have been part of a more extensive ransomware campaign targeting healthcare facilities across the United States.
“As we reported recently, Sonoma Valley Hospital experienced a ransomware cyberattack on October 11, 2020, by what we believe is a Russian ’threat actor.’ This event was part of a broader attack on dozens of hospitals across the country,” SVH said.
Although the hospital promptly shut down all systems to protect sensitive data after the attack and has not paid the ransomware operators for a decryption key, the forensic investigation found that patient information may have been accessed during the attack.
The sensitive information comprises health claims data sent to insurers electronically, such as names, addresses, birthdate, insurer group number and subscriber number, diagnosis or procedure codes, date of service, place of service, amount of claim and secondary payer information.
However, in some cases, medical record data such as imaging tests may have also been compromised.
SVH said no credit card or Social Security numbers were accessed during the attack, and it’s not aware of any misuse of patient health information.
“Based on the reports of the forensics analysts, patient financial information (such as credit card or social security number) was neither accessed nor disclosed,” SVH added. “SVH is not aware of any misuse or attempted misuse of patient health information, and our forensics experts have searched for any potential redisclosures.”
The letter sent to possible victims includes security measures that patients can apply to protect against identity theft and fraud. It is highly recommended for patients to closely review their medical bills and records in upcoming months for mismatches and notify their medical provider and law enforcement if they suspect any fraudulent charges.
Were you a victim of a data breach? Time to find out with Bitdefender’s Digital Identity Protection tool.