Are You Having A Technology Emergency?

True North Networks Blog

Ferguson Medical Group Reports Data Loss from Ransomware Attack


Ferguson Medical Group, owned by Saint Francis Health, was infected with ransomware in September, which caused some data loss; a phishing incident and email hack complete this week’s breach roundup.

 - The Missouri-based Saint Francis Healthcare System’s Ferguson Medical Group was hit with a ransomware attack in September 2018, which encrypted all of the medical records for services provided by FMG prior to January 1.

The cyberattack infected the computer network used by FMG before it was acquired by Saint Francis in early 2019. All data contained on the network was rendered inaccessible by the attack, and officials were asked to pay a ransom to regain access.

Upon discovery, Saint Francis immediately took steps to secure the network and worked with federal law enforcement. The health system did not pay the ransom, but restored access to the encrypted files using available backup files.

However, officials said they were unable to restore access to all of the files encrypted by ransomware. As a result, all records for services provided by FMG between September 20, 2018 and December 31, 2018, including documentation scanned into the FMG system were permanently lost.

“Saint Francis does not believe that this incident resulted in the disclosure of any patient information to any unauthorized third parties,” officials wrote. “There is no indication that patient information has been or will be used inappropriately.”

All individuals from the impacted timeframe are being identified and located and will receive free credit monitoring services.


Choice Cancer Care Treatment Center in Texas recently began notifying patients that their data was potentially breached after an employee email hack in May.

On May 21, officials discovered suspicious activity on a company email account and launched an investigation with help from a third-party forensic investigation firm. They determined an unauthorized actor gained access to one employee email account between May 1 and May 21 before it was discovered.

According to officials, after discovering the incident they secured the account and confirmed the security of its employee email system.

Officials then “undertook a diligent programmatic and manual review of the contents of the relevant email account to determine whether personal information may have been present in the email account at the time of the incident.”

The investigation ended on September 18, four months after the initial incident. Choice Cancer Care then reviewed the records found within the compromised email account, which included some patient names, medical or health insurance information.

For some patients, the data could also include driver’s licenses, Social Security numbers, credit card information, and passport numbers. Those patients will receive credit monitoring and identity restoration servers.

Choice Cancer Care is currently reviewing its policies and procedures for data security and conducting additional employee training on data privacy and security.


California’s Solara Medical Supplies discovered an email breach in June, which later determined a more extensive compromise of its employee email system. In total, 114,007 patients were impacted.

Suspicious activity was first discovered on June 28 on one employee email account. An investigation led by a third-party team revealed several of its Office365 email accounts were breached for several months between April 2 and June 20. The accounts were immediately secured.

A manual review of the accounts determined the hacker could have potentially accessed some data that varied by patient, including names, Social Security numbers, employee identification, health insurance data, passports, state ID or driver’s licenses, Medicare or Medicaid ID, contact information, birthdates, and a trove of personally identifiable data.

Patients will receive a year of free credit monitoring and identity theft protection services. Solar has since bolstered the security measures on its email system.

Ransomware, phishing, and other email-related cyberattacks continue to plague the healthcare sector. Europol recently shared best practice guidance for spear-phishing attacks, which could prove useful to those healthcare providers still struggling to keep pace with these threats. The guide contains a list of useful technologies, as well as necessary policies and procedures.


Black Friday 2019 Security Threat: U.S. Government...
110 Nursing Homes Cut Off from Health Records in R...