- Medical billing service provider ‘Doctors’ Management Service’ suffered a ransomware attack compromising patients’ data from a number of its clients.
- The compromised data includes patients’ personal information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, insurance, Medicare/Medicaid information and numbers, and medical information.
What is the issue - Medical billing service provider ‘Doctors’ Management Service’ suffered a ransomware attack compromising patients’ data from a number of its clients.
Why it matters - This incident has impacted almost 38 healthcare centers including Beverly Surgical Associates, Today’s Wellness PLLC, Neuro Institute of New England, Thompson Medical Associates, New England Community Medical Services, and more.
What data was compromised - The compromised data includes patients’ personal information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, insurance, Medicare/Medicaid information and numbers, and medical information.
What was the immediate action taken?
- Upon discovery, DMS hired leading forensic investigators to conduct a comprehensive investigation.
- The medical billing services provider has notified the law enforcement authorities about the incident.
- DMS has changed its network security system in order to restrict unauthorized access to its systems and to improve its network security.
- It is working closely with information security experts to prevent such incidents from happening in the future.
- Further, it is providing training to its staff on cyber best practices.
The big picture
Medical billing service provider ‘Doctors’ Management Service’ that provides billing services to hospitals and healthcare centers suffered a ransomware attack compromising patients’ personal information.
The ransomware attack infected the DMS’ systems. DMS first detected the incident on December 24, 2018, and upon discovery conducted a comprehensive investigation. The investigation revealed that the ransomware is GandCrab.
The billing service provider disclosed that the initial unauthorized access to the DMS network happened on April 1, 2017, via RDP protocol on a DMS workstation.
“On February 15, 2019, our forensic investigator reported that while the investigation could not determine whether personal health information was actually viewed or downloaded that type of activity could not be ruled out. In an abundance of caution a thorough review of all information maintained by DMS in the impacted server at the time of the incident was performed to identify any personal information present,” the data breach notice read.
- DMS confirmed that there’s no evidence of any unauthorized access to, use of, or exfiltration of any patient data.
- DMS has restored the encrypted files from backup without paying ransom payment.
The impacted healthcare centers and hospitals include,
- Anjum Baqai Associates
- Arcangel Neurological Consultants
- AT Care PLLC
- AUM Healing Center
- Bell Mental Health Associates
- Beverly Surgical Associates
- Bhealthy Primary Care
- First Choice Community Medical Services
- Holy Family Medical Specialty
- Lowell General Inpatient Specialists
- NE Pulmonary & Sleep
- New England Inpatient Specialists
- New England Pulmonary & Sleep Specialists
- Today's Wellness PLLC
- Incare LLC
- Pricipes Medical Group
- Joseph Schwartz PLLC
- Neuro Institute of New England
- New England Reconstructive & Aesthetic
- Northwoods Surgical, PLLC
- Pathways Healthcare LLC
- Peaceful Soul
- Personalized Medicine
- Pinnacle Medical Group
- Post Acute Cardiology
- Precision Surgical Specialists of Lowell
- Premiere Care
- Saxony Primary Care PLLC
- Sports Medicine Health LLC
- Surgical Group of Norwood
- The Wholeness Center
- Theresa M Smith Practice
- Thompson Medical Associates
- WLB Rehabilitation Medicine
- Heywood Athol Inpatient Specialists PLLC
- Winchester Hospital Inpatient Specialists
- Dutch Connection LLC
- New England Community Medical Services