Industry News

GandCrab ransomware claims another healthcare firm

A medical billing service headquartered in Massachusetts has notified patients of a data breach, saying hackers may have exposed their data. The attack involved the infamous GandCrab ransomware.

Cyber crooks have developed a taste for healthcare institutions and their affiliates in recent years, infecting their systems with ransomware or injecting code designed to steal data for future fraud operations. One of the latest reports of a ransomware infection comes from medical billing company Doctors’ Management Service, Inc., which fell victim to GandCrab operators.

The breach, according to the DMS notice (obtained by databreaches.net), occurred in April of 2017. The organization only discovered the breach in December last year, when the attackers deployed ransomware on a vulnerable workstation via Remote Desktop Protocol (RDP). An investigation later revealed attackers deployed GandCrab, the most prolific ransomware in recent times.

DMS refused to pay the attackers’ ransom demand and recovered its data from backup. Since it can’t be ruled out that the attackers also accessed and stole patient information, though, the company is notifying everyone who may have been affected. If the attackers also copied the data before encrypting it, they would be in the possession of: name, address, date of birth, Social Security number, driver’s license number, insurance and Medicare/Medicaid information and numbers, and medical information, including some sensitive diagnostic information.

Those who have received DMS’s notice are encouraged to use the free credit monitoring service offered by the company. However, since credit monitoring isn’t synonymous with protection against fraud, affected parties are advised to carefully monitor their bank statements for any abnormalities. 

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles. He likes fishing (not phishing), basketball, and playing around in FL Studio.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.