University of Southern California hospitals back online after ransomware attack
USC's Keck and Norris Hospital restored data within days of the incident and did not pay a ransom, an official said.
Two University of Southern California hospitals were recently hit by a ransomware attack that encrypted hospital data on servers, making files inaccessible to employees.
"The attack was quickly contained and isolated to prevent the spreading of malware to other servers," Keck Hospital CEO Rodney Hanners wrote in a statement posted on the USC website.
USC executives notified the FBI immediately after discovering the August 1 attack and began an internal forensic investigation, Hanners said in the statement. They also engaged Ernst Young to review how best to investigate the matter.
[Also: Locky ransomware attacks hit hospitals the hardest, report says]
"Within several days, we were able to remediate the incident and fully restore the data from the encrypted folders to the servers," Hanners wrote in his memo. "No ransom was paid."
The servers affected do not store Keck's electronic medical record system. Rather, many of the folders are departmental files that contain internal operational documents intended to be used and shared among hospital and clinic personnel, such as templates, training manuals, human resource materials and other information needed for hospital operations, according to Hanners.
"Our investigation has not revealed any evidence that data was retrieved or accessed as a result of this ransomware," Hanners added. "Typically, ransomware is used to deny users access to their information in order to quickly extract money from the data owners – not to steal data. However, as a precaution, we are providing this notice to patients or other individuals whose health or other personal information was in the encrypted folders."
[Also: Appalachian Regional Healthcare back online after cyberattack cripples system for nearly 3 weeks]
Sensitive data included name and demographic information, date of birth, identifiable health information, including treatment and diagnosis for some patients, and in certain cases, social security numbers.
As a result of this incident, USC will further improve its security detection and response processes, enhancing audit and logging capabilities to better respond to potential threats, including ransomware malware, Hanners wrote.
He noted USC had already invested in additional tools to identify malicious traffic and would accelerate implementation and also explore how best to protect data at rest through encryption.
USC notified the California Department of Public Health, the California Attorney General and the U.S. Department of Health and Human Services' Office for Civil Rights of the incident.
Twitter: @Bernie_HITN