Health Practice Loses Patient Data in Ransomware Attack, Tells Clients to Call Before Visiting


Alamance Skin Center, a Cone Health practice in Burlington in the US state of North Carolina, has disclosed a ransomware attack that left patient data “unrecoverable.”

Alamance Skin Center was attacked in late July, yet parent company Cone Health is only disclosing the incident this week.

“It is likely a phishing scam or brute force attack was used to gain access to the system,” Cone Health said. “A thorough forensic investigation has concluded that no patient information was taken in the attack. However, patient data at the practice is unrecoverable.”

Since the incident is a reportable breach as defined by HIPAA, Cone Health is reporting it to the proper agencies and law enforcement.

Alamance Skin Center’s electronic medical record system and servers are separate from the main Cone Health system, so the incident did not affect the parent company.

“While this attack was limited to this single practice, we use this as a learning opportunity across Cone Health,” said Frank Riccardi, vice president, chief compliance and privacy officer.

Riccardi urges staff to learn from this incident and keep an eye out for suspicious emails hitting their inboxes.

“In fact, I urge everyone to learn from these instances as well,” he said. “If you get an email asking for information such as passwords or to click to verify something, think twice. These attacks are getting extremely sophisticated. They are targeting families as well as businesses.”

Cone Health somehow determined that the affected patient data was not stolen, but doesn’t explain how investigators came to this conclusion. Ransomware actors typically copy the targeted data before encrypting it on the victim’s end. They then try to coerce the victim into paying the ransom by threatening to make the data public.

Patients with scheduled appointments are asked to call the practice to confirm it before coming in. Cone Health is also preparing a letter with information on how Alamance Skin Center clients can protect themselves and monitor credit reports for suspicious activity if they remain concerned.

In May, Bitdefender noted a 60% increase in breaches affecting healthcare institutions from February to March, as malicious actors ramped up their efforts to capitalize on the pandemic with coronavirus-themed phishing campaigns.

And just last week, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the US Department of Health and Human Services (HHS) issued a joint advisory warning the healthcare sector of increased attacks by ransomware threat actors.

The notice (AA20-302A) says the agencies “have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The advisory describes the tactics, techniques and procedures used by cybercriminals against targets in the healthcare and public health sector to infect systems with the Ryuk ransomware strain.