Doctors’ Management Service Inc. is notifying patients of a data breach following a ransomware attack on its network.
Doctors’ Management Service Inc., a provider of medical billing services based in Massachusetts, discovered the ransomware on December 24, 2018. Doctors’ Management Service was unable to access any of the files stored on the network, and the threat actors behind the attack demanded a ransom to restore access.
An investigation was launched into the breach to determine the cause of the incident, what information was affected, and the potentially harmful consequences of the breach. Investigators determined that the threat actors behind the attack had used GandCrab ransomware.
Doctors’ Management Service was able to recover the affected files from backups they held. No ransom was paid to the threat actors.
The investigators discovered that the threat actors behind the attack first gained access to the company’s network on April 1, 2017, nearly 18 months before the attack. The hackers gained access to the network through Remote Desktop Protocol on one of the company’s workstations.
Some of the patient information that the threat actors may have accessed included names, addresses, dates of birth, Social Security numbers, insurance information, Medicare/Medicaid ID numbers, driver’s license numbers, and some diagnostic information.
The threat actors appear to have timed the attack such that staff at the facility would not immediately notice it. Due to the time delay between initial access to the network and the ransomware attack, it is possible that the threat actors broke into the network to achieve some other goal and that the ransomware was a secondary objective.
Following HIPAA’s Breach Notification Rule, letters have been sent to all affected patients. In the letter, Doctors’ Management Service explained that no unauthorised server access was detected until the ransomware was deployed on December 24, and the forensic investigation did not uncover any evidence of data access or exfiltration of patient data. However, the investigators could not rule out the possibility of data theft.
“Since discovering the breach, we have changed our network security system to limit access to our systems from outside of our network and to improve our network security. DMS, in conjunction with outside information security experts, is working to help prevent similar occurrences in the future,” Doctors’ Management Service CEO Timothy DiBona wrote in a statement.
Doctors’ Management Service reported the breach to the Department of Health and Human Services’ Office for Civil Rights. The breach summary has yet to appear on the OCR breach portal, so the exact number of patients affected by the breach is unknown.