Ransomware attack at NJSC

October 28th, 2016 by admin Leave a reply »

New Jersey Spine Centre announced data breach when its server suffered ransomware attack. Facility mentioned that all of the practice’s electronic medical record files were encrypted. 
eat

Affected information included Clinical information which includes procedures, office notes, reports, demographic information, personal information, and some financial information. Facility notified the FBI and local authorities regarding the incident.

“The malware was blocked by our virus protection software but unfortunately not before the damage had already been completed to our records,” New Jersey Spine Center explained. “The virus likely gained access by utilizing a list of stolen passwords by running an automated program, and demanded a ransom payment to obtain an encryption key to unlock the files.”

Facility did not mentioned whether ransom was paid but it did say that the practice obtained the key. As per the OCR data breach reporting tool states, total 28,000 individuals were affected by the incident.

Facility also mentioned that there is no information to suggest that any medical, personal of financial information was used or stolen by the individuals. Notifications are sent to the concerned individuals.

New Jersey Spine Center is the leading choice for spine care in eastern Pennsylvania and southern New York. It brings the cutting-edge and comprehensive spine care to the region. It also provide a comprehensive evaluation process permitting a thorough and complete evaluation of patients problem for appropriate decision making. A multi-disciplinary approach is provided which enables facility to provide the options available for care.

Two types ransomware in circulation 

First type is called Encrypting ransomware. It uses advanced encryption algorithms to block system files. Hackers demand payment to provide the victim with the key to unblock content.

Second type is called Locker ransomware. It locks the victim out of the operating system and the system. Attackers ask for money to unlock the system.

____________________________________________________________________________________________

Alertsec was established was that encryption should be simple, transparent and available for all.

Leave a Reply