kras99 - stock.adobe.com

Healthcare Ransomware Attack Targets Practice Management Vendor

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII.

New York-based practice management vendor Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The vendor’s statement said that it is not aware of any fraud or misuse of information, and the bad actor informed Practicefirst that the information was never shared and was later destroyed. 

Practicefirst describes itself as a leader in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When the vendor detected suspicious activity on December 30th, 2020, it shut down all systems, changed passwords, and notified authorities. 

The hacker attempted to deploy ransomware and successfully copied files from Practicefirst’s system that contained patient and employee PII. The information, later deleted, contained birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers.

In addition, diagnoses, lab and treatment information, medication information, health insurance identification, employee usernames and passwords, bank account information and tax identification numbers were exposed. Each exposed record did not contain every category of information listed.

“We immediately reported the Incident to appropriate law enforcement authorities and implemented measures to further improve the security of our systems and practices,” the statement explained.

“We worked with a leading privacy and security firm to aid in our investigation and response and will report this Incident to relevant government agencies. We also implemented additional security protocols designed to protect our network, email environment, and systems.”

Impacted individuals were notified, and Practicefirst set up an assistance line to address questions about the incident.

In other data breach news, University Medical Center of Southern Nevada recently announced that it faced a ransomware attack at the hands of the infamous REvil hacker group, responsible for a number of high-profile attacks.

In addition, Aultman Health Foundation in Ohio announced that a now-terminated employee had been inappropriately accessing patient EHRs for over a decade. The employee continuously committed HIPAA violations and accessed over 7,000 patient records.

Next Steps

Dig Deeper on Healthcare data breaches