Los Angeles-based Pacific Alliance Medical Center has disclosed that it was hit by a ransomware attack, potentially breaching protected health information of its patients.
On June 14, the hospital discovered its servers were compromised and files were encrypted. Officials said PAMC turned to its incident and recovery procedures and shut down networked computer systems to prevent spreading the virus.
The provider's IT team conducted the initial investigation that revealed several PAMC computers were impacted in the attack. Officials said the virus was removed and the data was decrypted.
However, the notice to patients did not mention whether PAMC paid the ransom. Further, officials said the investigation couldn't rule out whether the patient data were viewed or stolen by the ransomware attack, although the organization didn't uncover evidence to suggest the data was stolen.
The impacted servers contained personal and medical information, such as names, demographic details, Social Security numbers, dates of birth, employment information, insurance details, diagnoses, medical images and the like. No financial information was included.
PAMC officials contacted the FBI, California Department of Public Health, California Attorney General and the U.S. Department of Health and Human Services' Office for Civil Rights. The breach reporting tool has yet to post the number of patients impacted by the breach.
All patients are being offered two years of free identity theft protection services.
"We have strengthened our virus detection and other systems and safeguards to prevent unauthorized persons from gaining access to our systems," officials said. "We have also taken other steps to try to prevent similar incidents in the future."
PAMC is taking a cautious approach to ransomware breach reporting, as OCR changed its reporting requirements in 2016 to place the burden of proof on providers. The amended rule stressed providers must determine with certainty hackers were unable to access data during a ransomware attack.