Gamma ransomware compromises data on 16,000 patients at California hernia institute

In the latest ransomware attack on the healthcare industry, a California-based hernia repair institute has revealed that hackers have compromised almost 16,000 patient records containing sensitive information.

In an urgent notice high on its official website, the Orange County-based National Ambulatory Hernia Institute reveals that its offices experienced a ransomware attack on Sept. 13, 2018, which compromised 15,974 records.

The attack was tied to the email address [email protected] which, according to databreaches.net, is associated with Gamma ransomware (part of the Crysis ransomware family). A typical ransom note displayed by this ransomware family can be found below (courtesy of pcrisk.com).

“If you were treated by one of our physicians prior to July 19th, 2018 your demographic information may have been compromised. If your information was not in our possession prior to July 19th, 2018 there is no possibility that your information was compromised,” the notice reads.

Potentially compromised information includes: full name, address, date of birth, Social Security number, diagnosis and information on the appointment date and time, NAHI says.

The group advises customers to seek the services of an identity monitoring firm if they believe their personal information has been compromised. Ideally, this service should be covered by the very institution whose lax security practices led to the breach – in this case, NAHI.

The institute adds that the notice “is being provided voluntarily.” However, laws like the Health Insurance Portability and Accountability Act (HIPAA) actually make these disclosures mandatory.

“Our office has moved all of our data to an off-site server, continues to investigate this matter, and has taken steps to eliminate the possibility of a future breach including the purchase of a more robust firewall and antivirus,” the notice adds.

The hospital also fails to say whether it paid the attackers the ransom money, and if it recovered the compromised data.

Gamma is relatively new to the scene. Discovered by self-proclaimed malware-exorcist Jakub Kroustek, Gamma is no different than other ransomware strains: it is designed to infiltrate systems, encrypt data, and demand digital ransom money (in this case Bitcoin) in exchange for the decryption keys.

The effects of some ransomware types can be reversed using our handy decryption tools over at labs.bitdefender.com. Unfortunately, no such tool is available for Gamma, yet. The universal advice therefore ensues: always keep regular, offline backups in case you get hit by a ransomware strain whose effects cannot be reversed.

Leave a Reply