Ransomware Attacks Reported by Rangely District Hospital and Electronic Waveform Lab

Rangely District Hospital in Colorado has started notifying patients about a ransomware attack in April 2020 that affected some of their protected health information (PHI) stored on parts of its network.

The hospital discovered the ransomware attack on April 9, 2020 and took steps to contain it, but it was not possible to stop the encryption of some files, a number of which held patient information.

Rangely District Hospital said the first attack on its systems happened on April 2, 2020, but the ransomware was not deployed until April 9, 2020. The hospital reported that the encryption process was automated and that no evidence was found to suggest data access or exfiltration. The investigation shows that an international threat actor carried out the attack, but it was impossible to determine who was behind it.

Though it is believed that the attackers did not access patient data, it was not possible to confirm that there was no unauthorized access. The ransomware encrypted files that could have been viewed. The following types of personal information and PHI were included: names, addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license copies, dates of hospital admissions or service, diagnoses and conditions, treatment or procedure notes and orders, medications, imaging studies, and health insurance, claims, and billing details.

Although it was possible to restore many files from backups without paying the ransom, some patient data remains inaccessible. Besides the files that contain patient information, files required by a legacy software system were also encrypted and could not be recovered. Rangely District Hospital used a ‘Meditech’ database to store patient documents between August 2012 and August 2017, and the legacy software is necessary to view patient data in that database. The attack did not affect the database itself, but without the software, patient documents created during that 5-year period cannot be accessed. The information of certain patients who received home health services between June 2019 and April 2020 is still inaccessible. Rangely District Hospital is presently considering other options to access the database.

Patient Data Potentially Exposed Due to a Ransomware Attack at Electronic Waveform Lab

Electronic Waveform Lab, a manufacturer of medical, ophthalmic, surgical, and veterinary instruments based in Huntington Beach, CA, reported a ransomware attack and the encryption of information stored on some of its servers.

The impacted servers held a minimal amount of personal and health data of patients, including their names, addresses, medical diagnosis codes, and selected treatment data. The forensic specialists investigating the ransomware attack could not ascertain whether the attackers accessed or acquired patient data before it was encrypted, so the possibility cannot be eliminated.

Electronic Waveform Lab had security measures in place prior to the attack to protect patient data, but they appear to have been insufficient to stop the attack. Security policies have already been assessed and are being upgraded to prevent similar breaches in the future.

Electronic Waveform Lab succeeded in restoring its servers and records. No patient data was lost as a result of the attack.