Blue Springs Family Care, a Missouri-based healthcare company, was founded in 1979 to provide home medical services to residents in Jackson County. Recent news reports show that Blue Springs Family Care has experienced ransomware attacks, and the number of data falling into the hands of attackers has reached 44,979.
The company stated in an open letter that the attacker might have obtained a variety of patient record information, including at least: the patient’s full name, address and date of birth, account number, social security number, disability level, medical diagnosis and driver’s license/identity Certificate number.
The open letter also pointed out that the ransomware attack was first discovered on May 12, 2018. The person responsible for investigating the attack found that an “unauthorized party had attacked the company’s computer system” and various malware programs had uploaded to the system, and one of the malware programs contained malicious encryption.
After discovering the anomaly, Blue Springs Family Care immediately hired a forensic information technology company. The company isolated the infected systems and installed monitoring software so they could find out if any unauthorized entities had access to the infected system.
Blue Springs Family Care said they have entered into a partnership agreement with another electronic health record provider, and the new partner will encrypt all health data.