CyberAttackers Used Ransomware to Encrypt Surgical Specialist Patient Data
Who: Columbia Surgical Specialists of Spokane
# of Accounts Breached: 400,000
When it happened: January 9, 2019
What was affected: Patient names and, potentially, drivers’ license, social security numbers, and other protected health information.
How it happened: The practice became aware of the attack on January 9. The investigation by their IT security provider, could not definitively conclude that no ePHI had been accessed or exfiltrated, but because it could have been exposed, all potentially impacted patients are being notified.
Outcome: Columbia Surgical Specialists quickly determined that the health and well-being of patients was the number one concern and paid the ransom demanded to get the decryption key so we could immediately proceed, unlocking the data. The company said its cybersecurity provider thoroughly analyzed its systems and believe that no data was acquired, disclosed or used by the hackers, though patient records were exposed during the attack.