Cyberattackers Demand Ransom from Advanced Urgent Care of Florida Keys and Galstan & Ward Family and Cosmetic Dentistry

Advanced Urgent Care of Florida Keys began sending breach notifications to patients on November 6, 2020 concerning a ransomware attack that occurred on March 1, 2020. Though not mentioned in the breach notice, on March 14, 2020, Databreaches.net documented the theft of patient information during the attack. The attackers exposed the stolen data on the internet because no ransom payment was received.

According to the Advanced Urgent Care breach notice, the investigation after the ransomware attack into whether patient information was compromised continued until September 11, 2020. The attack resulted in the encryption of files located on a backup drive that included protected health information (PHI) such as names, dates of birth, medical treatment details, laboratory results, medical diagnostic data, medical insurance data, medical record numbers, Medicaid or Medicare beneficiary numbers, medical billing details, bank account data, credit or debit card details, CHAMPUS ID numbers, driver’s license numbers, Military and/or Veterans Administration numbers, Social Security numbers and signatures.

Advanced Urgent Care provided free credit monitoring services to individuals whose Social Security numbers were potentially exposed and has taken steps to enhance security to protect against further attacks and to detect and remediate potential threats.

Galstan & Ward Family and Cosmetic Dentistry, GA

Galstan & Ward Family and Cosmetic Dentistry, based in Suwanee, GA, reported a ransom incident associated with a computer virus that infected one of its servers. This incident was unlike typical ransomware attacks, which leave encrypted files and a ransom note on infected computer systems. According to Galstan & Ward, someone contacted the practice by telephone and told it about the virus that had infected its computer server. That person also demanded a ransom payment over the phone.

Galstan & Ward had already noticed suspicious activity on the server and had contracted a third-party vendor to clean the server and restore the data from a backup. Galstan & Ward did not pay any ransom and reported no significant interruption to services or loss of data. But on September 11, 2020, Galstan & Ward found out that some files had been stolen and that the attacker had published them on a dark web site. Those stolen files, however, didn’t include any patient data.

The contracted IT company confirmed the removal of the malware and said that there was no indication that patient information within its dental practice software had been accessed. Further investigation likewise found no evidence suggesting that patient data was accessed or acquired.

Galstan & Ward issued notifications to patients as a precaution, given that it wasn’t possible to rule out unauthorized access to PHI. If the attackers gained access to the dental software program, they could potentially have viewed names, addresses, birth dates, Social Security numbers, and dental files.

The Galstan & Ward comprehensive substitute breach notice stated that the practice is now using cryptographic technology to secure patient information. Additional data security measures were added to its web server infrastructure. The practice also offered the affected persons free identity theft protection services via IDX.