Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Health Leaders report that in May 2019 Presbyterian Healthcare Services suffered a ransomware attack that affected at least 183,000 patients. The Presbyterian Healthcare Services Data Breach is one of an increasing number of ransomware attacks directed against hospitals across the U.S. The hospital sent emails apologizing for the breach to the original 183,000 patients, but the Santa Fe New Mexican reports that nearly 300,000 letters were later mailed to patients who may have also been affected.
“We take the responsibility of safeguarding your information very seriously,” said a hospital statement addressing the incident. “To help prevent this incident from happening again, Presbyterian is taking several steps and implementing additional security measures to further protect our email system.”
To gain access to the hospital system, hackers sent “phishing” emails to hospital employees and administrators. The Federal Trade Commission (FTC) defines “phishing” emails as emails that “may look like they’re from a company you know or trust” that contain either a link or attachment that the hacker can use to gain access to your information or information stored on your computer.
In its statement, the hospital explained that no patient data has been improperly used or downloaded, as far as they can tell, but at least one email address that had access to provider names and Social Security numbers was affected by the attack.
“While the investigation is ongoing, we want to stress that we have no evidence indicating that any patient or member data has been used in any way and there was no access to our electronic health record or billing systems,” Dale Maxwell, president and chief executive officer of Presbyterian Healthcare Services, said in an email.
Patients who think they may have been affected are encouraged to call 833-297-6401 for assistance, the statement says.
The Presbyterian Healthcare Services Data Breach Is One of Many
The sort of hacking used to carry out the Presbyterian Healthcare Services Data Breach is not uncommon. Ransomware attacks generally follow the same pattern, according to CNN. An email containing a link is sent to an employee with access to sensitive information. When the link is clicked, it allows the hackers to “quickly take over.” Hackers then demand hundreds of thousands of dollars worth of Bitcoin or some other virtual currency to relinquish control. Even if the victim sends the money, there’s no guarantee the hackers will comply or that they won’t carry out the same attack again.
More than 140 ransomware attacks targeting health care providers and state and local governments occured in the first nine months of 2019, a marked increase from 2018, when 85 attacks were reported for the entire year. In 2019, an average of nearly three attacks per week occurred. It’s also possible that the number may be much higher since some organizations don’t publicize attacks so that they have a better chance of avoiding a payout.
“Ransomware is a big problem that is continuing to grow,” Allan Liska, senior solutions architect at Recorded Future, a cybersecurity firm that monitors these sorts of attacks, told CNN. “It is also a big money making opportunity for both experienced and new cybercriminals. Which means the bad guys are devoting a lot of resources to developing new methods to deliver ransomware.”
Responding to ransomware attacks can be incredibly difficult, especially for hospitals. Ransomware attacks open up systems to being infected with other viruses that may not be removed when the ransom is paid, even if control is given back to the owner. Hospitals are particularly vulnerable.
“Healthcare is a particularly tricky area for ransomware,” Liska told CNN. “Many healthcare systems are locked down by vendors, so healthcare systems often can’t be patched in the same way other sectors can patch. This means that healthcare organizations have to take other measures to protect themselves.”
In fact, paying the ransom may not be the best option for ransomware victims at all. The FBI recommends that following a ransomware attack, the organization should “perform a full remediation of any infected systems” to ensure no viruses or malware remains. However, the cost of performing such a system wipe is often more than many businesses can afford. Based on the hospital’s statement, the Presbyterian Healthcare Services Data Breach did not result in any ransom being paid.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
4 thoughts onPresbyterian Healthcare Services Data Breach Leaves 300,000 Vulnerable
Yes I have also been affected by this breach and need to be added as well
I have been affected by this Breach. Can I please be added
Add me please
Add me as well