Reinvestigation of 2019 Metro Presort Ransomware Attack Shows Potential Compromise of PHI

Metro Presort, a technology and communication solutions provider based in Portland, OR, suffered a ransomware attack on May 6, 2019 that encrypted files and left its staff unable to access its systems. The company detected the attack immediately and secured its systems on May 15, 2019. It recovered from the attack somewhat easily. Investigators found no evidence that files had been removed from its systems, and since the company already applied encryption to customer information, it appeared unlikely that the attackers could access any sensitive data.

Metro Presort investigated the attack again in October 2020. This time, it did not confirm that files containing customer data had been encrypted prior to the attack. The attacker could therefore potentially have accessed statements, invoices, and spreadsheets that Metro Presort prepared for its clients, including healthcare providers. A substitute breach notice posted on the Metro Presort website on November 24, 2020 stated that an audit of those files confirmed that they contained patient names, addresses, birth dates, patient and health plan account numbers or IDs, appointment dates, diagnosis codes, treatment codes, and treatment dates.

The HHS’ Office for Civil Rights website recently listed the incident, indicating the potential compromise of the PHI of up to 38,387 people. Metro Presort stated in its breach notice that the Department of Health and Human Services’ Office for Civil Rights investigated Metro Presort’s response to the breach, its guidelines, and its procedures. The case was closed on December 31, 2020 after OCR established that there was no violation of HIPAA rules.

Metro Presort also stated in its breach notice that, both before and after the incident, MPI has devoted substantial resources to maintaining and improving its data security, including implementing the most recent technical security measures to prevent similar incidents, extra protections (encryption) for customer documents, and security reviews.