Leon Medical Centers and Nocona General Hospital suffered a ransomware attack in November, in which attackers stole tens of thousands of patient records. The attack was only officially announced in January. Among the records stolen were scanned diagnostics results and letters to insurers, which include personally identifiable information such as names, addresses and birthdates. The attackers demanded a ransom payment in return for a decryption key and a promise not to publish the records stolen. It is unknown, however, how the data was stolen from Nocona General Hospital, as they have not yet published a breach disclosure.
Tim Mackey, principal security strategist at Synopsys Inc.’s Cybersecurity Research Center commented on the attack: “The unfortunate reality of any cyberattack on a healthcare system is that the data obtained is some of the most personal information available. Cybercriminals know this and fully expect that their ransom demands will be met in one form or another. As a result, patients of either medical system should be on guard for very targeted spam emails or robocalls.”