Nationwide Laboratory Services based in Boca Raton, FL, which Quest Diagnostics acquired last summer, had encountered a ransomware attack at the beginning of 2021.
Nationwide Laboratory Services discovered a systems breach on May 19, 2021. Ransomware encrypted files all through its system and prevented the access of files. Steps were promptly taken to control the ransomware attack. A third-party cybersecurity company helped with the investigation of the incident and remediation work.
The forensic investigation affirmed on August 31, 2021, that the attackers acquired access to parts of its system that stored patients’ protected health information (PHI), and possibly accessed data including names, birth dates, laboratory test results, Medicare numbers, medical record numbers, and medical insurance data. The Social Security numbers of some persons impacted were exposed. The types of data exposed in the attack differed from one patient to another.
Nationwide Laboratory Services submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that the PHI of approximately 33,437 people was likely exposed.
Nationwide Laboratory Services stated it’s likely that the hackers exfiltrated a minimal quantity of files from its system before using the ransomware to encrypt files; however, there is no proof uncovered to suggest that patient information was or will be utilized for any unauthorized uses. As a safety measure, impacted people are being urged to examine their accounts and explanation of benefits statements for indications of fraudulent transactions.
Nationwide Laboratory Services provided a year of free credit monitoring services to people who had their Social Security numbers located on the impacted systems.
The FBI lately gave a private industry alert regarding ransomware actors attacking companies that are engaged in big financial events like mergers and acquisitions and are utilizing exfiltrated information to exploit and extort cash from victims. There were a number of instances where the hackers have issued threats to publish sensitive and possibly harmful data to negatively impact stock prices to compel the victims to pay the ransom.