Florida-based laboratory witnessed a ransomware attack that has leaked the personal health information (PHI) of more than 30,000 individuals. Nationwide Laboratory Services situated in Boca Raton, noticed suspicious activities on its network on May 19, 2021. After the investigation on suspicious activities, it has been revealed that the group of attackers had used ransomware to encrypt files across the healthcare provider’s network, making data inaccessible for every member.
Laboratory Services firm recruited a third-party cybersecurity firm to investigate further into the attack and aid with cleanup. According to Digital forensics, the group of cyber-attackers hacked into parts of Nationwide Laboratory Services’ network that housed patients’ PHI.
The perpetrators of the attack compromised the data of patients including their names, addresses, dates of birth, lab test results, Medicare numbers, medical record numbers, and health insurance information. Furthermore, a notice on the security incident has been released by the Nationwide Laboratory Services that gives a warning that “a small number of individuals had their Social Security numbers affected.”
According to the lab, the attack did not exploit all nationwide patients’ data. It was also reported that the compromised data varied from person to person. The laboratory firm added, “Nationwide has no indication that any information was or will be used for an improper purpose.”
It was about October 28 when Nationwide had published a report about the data breach to the Department of Health and Human Services’ Office for Civil Rights. A study has shown, around 33,437 individuals’ personal credentials may have been compromised recently. Individuals who have been affected extensively by the ransomware attack were notified and given recommendations on how to secure their important data.
“On May 19, 2021, Nationwide Laboratory Services realized that a ransomware virus had begun encrypting files stored on its network,” the laboratory reported…”
“…An unauthorized entity may have deleted a restricted number of files from its system in addition to encrypting them.” Firm added.