More than 30,000 patients’ personal health information (PHI) was compromised when a Florida laboratory faced a ransomware attack.
On 19th May 2021, Nationwide Laboratory Services, situated in Boca Raton, discovered unusual behavior on its network. Attackers had leveraged ransomware to encrypt files throughout the healthcare provider’s network, rendering their contents unavailable.
To investigate the incident and aid with cleanup, the lab contacted a third-party cybersecurity firm. According to digital forensics, cyber-attackers hacked into parts of Nationwide Laboratory Services’ network that housed patients’ PHI.
The criminals behind the ransomware attack encrypted patients’ names, dates of birth, medical record numbers, lab test results, medicare numbers, and health insurance information.
A limited number of individuals had their Social Security numbers also impacted, according to a warning issued by Nationwide Laboratory Services in response to the security breach.
The lab revealed that the cyber-attack did not affect all of Nationwide’s patients. It was also discovered that the quantity of data exposed in the event varied per patient. According to the laboratory, there is no proof that any information was used for an improper reason.
On October 28, Nationwide filed a complaint with the Department of Health and Human Services’ Office for Civil Rights on the breach. As per the study, up to 33,437 people’s personal information may have been exposed.
Patients impacted by the ransomware incident were alerted and advised on how to keep their information safe. According to Nationwide, individuals affected were asked to be on the lookout for indicators of identity theft and to examine their financial account records regularly for any fraudulent activity.
The cyber-criminals behind the lab’s attack may have erased certain files from their victim’s network in addition to encrypting an undefined number of files belonging to Nationwide.
On May 19, 2021, Nationwide Laboratory Services noticed a ransomware infestation encrypting files stored on its network, the lab said. An unauthorized entity may have encrypted information and deleted a few files from the system.