If you’re living in Baltimore County, particularly if you’re a patient of the Primary Health & Wellness Center (PHWC), remember the 20th of October, 2023? That’s the day when PHWC realised that they’d been the victims of a ransomware attack. Ransomware, if you’re not familiar, is a type of malicious software that cyber attackers use to block you from accessing your very own data before nervously handing you a ransom note to return your own information – quite the modern day heist.
In this case, the damage was considerable. The miscreants managed to encrypt the network server of PHWC, which happened to contain medical records of patients going all the way back to 2018. That’s a whopping number of patient details including names, addresses, and dates of birth, not to mention Social Security numbers and of course, sensitive medical records. Makes your head spin a bit, doesn’t it?
Understandably, the good folks at PHWC sprang into action. They hired a top-notch computer forensics team to investigate the incident, who I must say, did a grand job. They identified the culprit to be a variant of Phobos ransomware which managed to encrypt the server remotely.
What’s more, the boffins did not just track down the culprits, they actually managed to disable the remote access and secure the server. What’s even more relieving is that they found no further vulnerabilities and no evidence that our data was lifted or so much as peeked at.
Now, that’s all well and good, but what happens next? The crux of the matter is that, even though there’s no proof that our information was tampered with or misused, it’s a good idea for us all to remain on our toes, or in this case, keep our eyes peeled. Be vigilant, review your account statements, and monitor your credit reports closely.
If you do notice anything fishy – promptly report it to the right #law enforcement authorities. Don’t just shrug it off! Also, consider taking a gander at the tips offered by the Federal Trade Commission on how to stay vigilant against fraud, identity theft and other personal information scams.
At the end of the day, PHWC has let us know that they are deeply committed to preserving our confidentiality and they are going to great lengths to ensure that such an incident doesn’t happen in the future. It’s clear that the PHWC takes their responsibility to the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act to heart, and they are genuinely sorry for the incident and the inconvenience.
And remember, if you ever have any questions and concerns about this, don’t hesitate to reach out! They’ve made a confidential line available to ease your worries and answer your queries. So, chin up, keep calm and stay vigilant!
by Parker Bytes
