Medical Service Provider hit by Ransomware

Who: Doctor’s Management Service

# of Records/People Affected: 38 Healthcare Centers

When: 25 April 2019

What happened: ​Medical billing service provider ‘Doctors’ Management Service’ suffered a ransomware attack compromising patients’ data from a number of its clients.

How Did it happen: The ransomware attack infected the DMS’ systems. DMS first detected the incident on December 24, 2018, and upon discovery conducted a comprehensive investigation. The investigation revealed that the ransomware is GandCrab. The billing service provider disclosed that the initial unauthorized access to the DMS network happened on April 1, 2017, via RDP protocol on a DMS workstation. This incident has impacted almost 38 healthcare centers including Beverly Surgical Associates, Today’s Wellness PLLC, Neuro Institute of New England, Thompson Medical Associates, New England Community Medical Services, and more.

Outcome: Upon discovery, DMS hired leading forensic investigators to conduct a comprehensive investigation. The medical billing services provider has notified the law enforcement authorities about the incident. DMS has changed its network security system in order to restrict unauthorized access to its systems and to improve its network security. It is working closely with information security experts to prevent such incidents from happening in the future. Further, it is providing training to its staff on cyber best practices.