Phishing Attack on Adventist Health Sonora and Recovery of Great Plains Health from Ransomware Attack

Adventist Health Sonora in California experienced unauthorized access by an individual to a hospital associate’s email account, resulting in the potential exposure of patient information.

The information security team of Adventist Health Sonora detected the email account breach on September 30, 2019. Quick action was taken to secure the compromised Office 365 account, and Adventist Health Sonora had the breach investigated to determine its extent.

The investigation confirmed that the Office 365 account was accessed without authorization after employees responded to a phishing email. However, it was an isolated incident: no other email accounts or systems were affected.

The aim of the attack appears to have been to redirect invoice payments and defraud the hospital and its vendors, not to obtain sensitive patient information.

According to Adventist Health Sonora, a thorough review of the breached account on October 14, 2019 showed that it contained the protected health information (PHI) of 2,653 patients. The types of information exposed included names, medical record numbers, dates of birth, health insurance information, hospital account numbers, and medical details associated with treatment provided at the hospital.

No evidence was uncovered suggesting that the attacker obtained patient information. However, to protect the affected patients, Adventist Health Sonora sent notification letters and provided complimentary identity theft protection services for one year.

80% Recovery After Great Plains Health November 2019 Ransomware Attack

Great Plains Health, located in North Platte, NE, suffered a ransomware attack in November 2019 that encrypted its network. The provider decided not to pay the ransom and restored its systems from backups. It was a long and painstaking process, but hospital representatives announced that it is now 80% complete.

Restoration of patient systems was given the highest priority, and those systems were restored first. Critical patient systems were restored in two weeks. The staff worked 24/7 to restore the systems as soon as possible. After the attack and during the recovery process, patients continued to receive medical services and were not turned away or redirected to other healthcare facilities.

Hospital representatives have now reported that all key IT systems are back online. The ransomware attack did not affect any patient care services. Only the archives, which include information that the hospital rarely uses, still need to be restored.