HIPAA Blog

[ Thursday, July 20, 2017 ]

 

Peachtree Neurological (Atlanta): Peachtree Neurological was hit with ransomware recently.  Fortunately, (i) they were able to restore their systems without paying the ransom, and (ii) there was no evidence that the ransomware exfiltrated any data, thus likely giving them a good reason to determine that the ransomware incident did not constitute a reportable breach (yes, OCR, I'm talking to you).

However, in the course of investigating and responding to the ransomware attack, Peachtree uncovered a more unfortunate fact: some hacker had been camped out in their data for over a year.  It does not look like they are able to tell what was accessed or if anything untoward was done, or if the hacker just had access and never did anything.  But while the ransomware might not be reportable, this one pretty much definitely is.  

Jeff [10:36 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template