CarePointe ENT, an ear, nose, and throat specialist based in Merrillville, IN, has reported that it encountered a ransomware attack on June 25, 2021 and files on its network were encrypted. A number of the encrypted files are identified to be made up of the personal data and protected health information (PHI) of its patients.
It is typical in ransomware attacks to exfiltrate sensitive data before using ransomware to encrypt data files. The primary reason for data exfiltration is to force victims into giving the ransom payment. CarePointe stated it is convinced the attackers’ only goal was to extort cash from the practice, and not to acquire patient information. No reports were acquired which indicate the misuse of any patient information due to the cyberattack, though after carefully looking into the attack it wasn’t possible to exclude the probability that the attackers viewed patient information.
CarePointe mentioned it has undertaken the appropriate steps to minimize the probability of more cyberattacks, with the extra steps put in place which include better threat recognition abilities and limiting remote systems access. Impacted patients were cautioned to get a free credit report and to examine the report for indications of improper use of their personal data and PHI, and additionally to consider putting a fraud notifier on their credit accounts.
An analysis of the systems which the attackers accessed confirmed that these types of patient information might have been exposed: Name, birth date, address, Social Security number (if given to CarePointe), health insurance data, and related health data.
CarePointe reported the ransomware attack to the Department of Health and Human Services’ Office for Civil Rights indicating that around 48,742 people were affected.