Question

This assignment allows us to view several historical/memorable occurrences in the healthcare field that have/will shape our future landscape

400,000 COLUMBIA SURGICAL PATIENT RECORDS BREACHED

On February 18, Columbia Surgical Specialists of Spokane reported a breach to the Department of Health and Human Services, which impacted 400,000 patients. Currently, there’s no public breach notice on the Columbia Surgical site, so not much is known as to the extent of the attack. The cyberattack is being reported as ransomware, which hit the specialist on January 7. The provider did not pay the ransom, and the encrypted files were restored from backups.

please I need help

Answer 1

Columbia Surgical Specialists in Spokane city of Washington impacted by a ransomware attack, which has possibly allowed unauthorized individuals access to Protected Health Information (PHI) of around 400,000 patients. The Columbia Surgical Specialists came to know about this ransomware attack on Jan. 9, 2019. This security breach was then investigated immediately, and assistance has been provided by Intrinium, the IT security provider.

Files that were encrypted by ransomware contain patient information, including names, Social security numbers, driver's license numbers and various other types of PHI.

HIPAA Journal has been told by the Columbia Surgical Specialists that data security firm "went through our systems with a fine-tooth comb". The data security firm concluded that the patient data was not stolen by attackers, "but due to the nature of the ransomware and how the infection first began, there cannot be a guarantee". However, Columbia Surgical Specialists thinks that risk to the patients has been very low, and the notification sent to the patients is just a precautionary step.

The vulnerability that has been exploited in order to have access to Columbia Surgical Specialists network server for installing the ransomware was addressed. Moreover, the internal protocols along with procedures are getting reviewed by Columbia Surgical Specialists to prevent the future attacks.

Columbia Surgical Specialists were very open about this breach. They confirmed that for recovering the patient files, decision has been taken to pay ransom demand. Around $14,650 was paid in the cryptocurrency for decrypting the file that was encrypted by this ransowmare.

"We received notice from the people that encrypted the files just a few hours before several patients were scheduled for surgeries, and they made it clear we would not have access to patient information until we paid a fee," stated the Columbia Surgical Specialists. "We quickly determined that the health and well-being of our patients was the number one concern, and when we made the payment they gave us the decryption key so we could immediately proceed unlocking the data".

The breach notification that has been sent to the patients provides certain insight about the nature of the breach investigations and the reason behind taking so long for issuing notifications to the patients.

The security breach has been reported to Department of Health and Human Services' Office for Civil Rights on Feb. 18, 2019.