A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients.
Nationwide Laboratory Services, which is based in Boca Raton, identified suspicious activity on its network on May 19, 2021. An examination of the activity revealed that attackers had used ransomware to encrypt files across the healthcare provider’s network, making their contents inaccessible.
The lab hired a third-party cybersecurity firm to investigate the attack and assist with remediation. Digital forensics revealed that cyber-attackers had broken into areas of Nationwide Laboratory Services’ network that contained patients’ PHI.
Lawbreakers behind the ransomware assault encrypted files in which patient data was stored, including names, dates of birth, lab test results, medical record numbers, Medicare numbers, and health insurance information.
A notice released by Nationwide Laboratory Services regarding the security incident warned: “A limited number of individuals had Social Security number also impacted.”
The lab said that the cyber-attack had not affected all patients of Nationwide. Is also said that the amount of data exposed in the incident differed from patient to patient.
“Nationwide has no evidence that any information was or will be used for any unintended purpose,” stated the laboratory.
A report concerning the breach was submitted by Nationwide to the Department of Health and Human Services’ Office for Civil Rights on October 28. The report indicates the PHI of up to 33,437 individuals may have been exposed.
Patients who were affected by the ransomware attack have been notified and provided with best practices to protect their information. Nationwide urged impacted individuals to remain vigilant for signs of identity theft, and to review their financial account statements on a regular basis for any fraudulent activity.
On top of encrypting an unspecified number of files belonging to Nationwide, the cyber-criminals behind the attack on the laboratory potentially deleted some files from their victim’s network.
The laboratory stated: “On May 19, 2021, Nationwide Laboratory Services detected that a ransomware infection began encrypting files stored on its network. In addition to encrypting files, an unauthorized party may have removed a limited number of files from its system.”