Cybersecurity, Ransomware and 3rd Parties.
All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
Our residents regularly visit the doctors. Not that we are overly concerned to a fault, however, we do attend our regularly scheduled appointments. One area we pay particular attention to is our eyesight. Without our eyesight, we can’t read the menu at Margie’s Coney Island. The local eye clinic is managed by Gerry, who pays particular attention to detail. There was an eye clinic that has had issues though.
Redwood Eye Center is located in Vallejo, CA, and is an ophthalmology practice. The practice contracted with IT Lighthouse to host and store the electronic patient records.
Ransomware is a relatively easy tool to implement in an attack. The attackers are able to phish a list of targets without a mass amount of effort, in comparison with attacks on an enterprise system. Dependent on the tool, there is a limited success rate. Bearing this in mind, all it does take is a few people to click in the right department and the business functionality may be shut down.
In this case, the issue is with IT Lighthouse. This business hosts and stores Redwood Eye Center’s patient records. There certainly can be benefits to having a third party host the electronic health records (EHR), which is why this has become relatively popular. The eye clinic learned of the breach on September 20, 2018. Sometime during the evening of September 19th the ransomware attack was detected. This was detected on the server which stored a portion of their patient’s records.
It appears the patient data was not exfiltrated. This affected 16,055 patients. This is, as noted and fortunately, only a portion of the office’s patient records. The data enclosed with this included the usual patient’s name, addresses, date of birth, health insurance information, and medical treatment information. Post detection, the clinic contracted with a computer forensic company to deconstruct the ransomware attack. The eye clinic also had the medical records company restore access to the patient’s information for the clinic.
This is another example of a third party being the weakest link. This has happened multiple times in recent years. Too often companies contract with a third party business and don’t check the other company’s cybersecurity practices. When the company allows the third party access to their system, the company allows everything with the system in also. All the issues accompany the third party when they access the system. This includes any malware they already have in their system. With any third party granted access, a due diligence should be completed to the company’s acceptance prior to any connection.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Resources
Dissent. (2018, December 7). Redwood eye center notifies 16,000 patients after EMR vendor experiences ransomware attack. Retrieved from https://www.databreaches.net/redwood-eye-center-notifies-16000-patients-after-emr-vendor-experiences-ransomware-attack/
Leventhal, R. (2018, December 11). Eye center in california switches her vendor following ransomware incident. Retrieved from https://www.healthcare-informatics.com/news-item/cybersecurity/eye-center-california-switches-ehr-vendor-following-ransomware-incident
McGee, M.K. (2018, December 7). Another electronic health records vendor hacked. Retrieved from https://www.careersinfosecurity.com/another-electronic-health-records-vendor-hacked-a-11823
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.