Just several weeks following one of the largest healthcare cyberattacks in the US, another hospital system was taken down by a ransomware attack.
According to a report, OakBend discovered that cybercriminals had accessed its network and encrypted parts of its system on September 1, 2022. In reaction, OakBend started working on network restoration before getting in touch with a third-party data security organization to help with the business's investigation into the event.
The investigation revealed that OakBend Medical Center's computer system had been accessed without authorization and that the hackers had been able to delete some of the material that was accessible.
OakBend Medical Center started looking through the affected files after learning that private customer information had been made available to an unauthorized entity, in order to ascertain what information had been hacked and whose customers were impacted.
On October 28, the medical system notified the Department of Health and Human Services (HHS) of a data breach affecting approximately 500,000 people. The attack has been linked to the ransomware and data extortion gang Daixin Team.
The group, which was formed in June of this year, has financial motivations. Fitzgibbon Hospital in Missouri was its prior victim, and the gang claims to have stolen 40GB of confidential data, including personnel and patient records.
Additionally, CommonSpirit, which manages over 140 hospitals in the US, decided not to reveal the precise number of its locations that were experiencing delays. However, a number of hospitals have reported being impacted, including CHI Memorial Hospital in Tennessee, some St. Luke's hospitals in Texas, and Virginia Mason Franciscan Health in Seattle.
According to Brett Callow, a cybersecurity specialist at Emsisoft, ransomware has been used to breach 19 significant hospital chains in the United States this year.
OakBend stated: "Our analysis shows that only a small quantity of data was really transported outside of the OakBend computing environment, even though we are aware that the hackers had access to OakBend's servers to encrypt our data. However, it does seem that the cybercriminals were able to access or remove several employee data sets and some reports that contained the private and medical information pertaining to our present and past patients, employees, and connected individuals."
To all those whose information was affected as a result of the current data breach, OakBend Medical Center handed out data breach notifications on October 31, 2022.
