Digital Forensics - Salina Family Healthcare KS
Digital Forensics - Salina Family Healthcare Ransomware

Ransomware Crisis Averted Too Fast


Salina Family Healthcare Center

Salina Family Healthcare Center in Kansas was hit by a ransomware attack in June of 2017. Fortunately, Salina had a rigorous system in place to create and store backups of their systems. Because they were diligent in following the backup procedures, they were able to restore their computers and servers quickly and resume patient care and daily business activities. The weak point became evident during the recovery process: digital forensic experts were not able to examine the systems to determine the depth of the breach or whether data theft occurred, because the systems had been overwritten from the backup tapes.

The Salina facility's procedures include data backups each night, server backups once a week, and a comprehensive system backup once a month. Additionally, all backups are encrypted and stored at an off-site location. The digital forensic evidence was not available because all the servers were scrubbed of data and rebuilt from backup tapes. “Leaving one server uncleaned would have helped in getting more forensics evidence,” Freelove adds. “We had 33 end-user terminals deleted and rebuilt and should have saved one or two hard drives for the forensic investigators.” They did not take the time to preserve any hard drives for forensic analysis.

Because digital forensic analysis could not be completed, the company was unable to determine that patient data was not compromised. As a precaution, notification letters were mailed out to 70,000 patients. The letters contained an offer of one year of credit monitoring and identity protection services from AllClear ID.

Patient data that may have been accessed included patient names, addresses, Social Security numbers, dates of birth, health insurance information and treatment information. “To date, we are not aware of the misuse of anyone’s information as a result of this incident,” the organization said in the patient notification letter.

Taking the time to preserve digital evidence is critical in determining how the breach occurred and whether any data was stolen or accessed by cybercriminals.

Salina Family Healthcare is located in Salina, Kansas, which is approximately 135 miles west of Topeka, KS.


Copyright © 2003 - 2024 Evidence Solutions, Inc. All Rights Reserved.
