Privacy & Security

Los Angeles provider breached by ransomware attack, over 260,000 patients affected (UPDATED)

Pacific Alliance Medical Center’s servers were hit by a ransomware attack in June, and officials said the investigation couldn’t rule out whether 266,123 patient records were accessed.
By Jessica Davis
August 14, 2017
11:48 AM

Los Angeles-based Pacific Alliance Medical Center has disclosed that it was hit by a ransomware attack, potentially breaching protected health information of 266,123 patients.

On June 14, the hospital discovered its servers were compromised and files were encrypted. Officials said PAMC turned to its incident and recovery procedures and shut down networked computer systems to prevent spreading the virus.

The provider’s IT team conducted the initial investigation that revealed several PAMC computers were impacted in the attack. Officials said the virus was removed and the data was decrypted.

[Register Now: Upcoming HIMSS Healthcare Security Forum]

However, the notice to patients did not mention whether PAMC paid the ransom. Further, officials said the investigation couldn’t rule out whether the patient data were viewed or stolen by  the ransomware attack, although the organization didn’t uncover evidence to suggest the data was stolen.

The impacted servers contained personal and medical information, such as names, demographic details, Social Security numbers, dates of birth, employment information, insurance details, diagnoses, medical images and the like. No financial information was included.

[Also: There are 6 cybersecurity knowledge areas every infosec pro must master, NIST says]

PAMC officials contacted the FBI, California Department of Public Health, California Attorney General and the U.S. Department of Health and Human Services’ Office for Civil Rights.

All patients are being offered two years of free identity theft protection services.

“We have strengthened our virus detection and other systems and safeguards to prevent unauthorized persons from gaining access to our systems,” officials said. “We have also taken other steps to try to prevent similar incidents in the future.”

PAMC is taking a cautious approach to ransomware breach reporting, as OCR changed its reporting requirements in 2016 to place the burden of proof on providers. The amended rule stressed providers must determine with certainty hackers were unable to access data during a ransomware attack.

This post was updated to include the amount of patients impacted by the breach as reported to OCR.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Privacy & Security

More regional news

Nurses huddled together look at electronic health records on a tablet.

Epic and Marquette collaborate on EHR training for nursing students

By
Andrea Fox
October 31, 2023
HHS headquarters in Washington

New information blocking rules from HHS could cost noncompliant providers thousands

By
Mike Miliard
October 31, 2023
Physician using multiple EHRs and IT systems

Clinician EHR struggles compromise patient care, study shows

By
Nathan Eddy
October 31, 2023
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

HHS headquarters in Washington
New information blocking rules from HHS could cost noncompliant providers thousands

Most Read

Guardrails, data governance key to solid generative AI outcomes
AHA security leader sees 'AI-fueled cyber arms race'
Multiple data access deals signed in Korea for digital health research
FBI dismantles Qakbot malware targeting hospitals
Boards are grasping cyber threats, but CISOs still feel underprepared
Is your hospital ready for 3-4 weeks of downtime?

Research

White Papers

More Whitepapers

Artificial Intelligence
Analytics
Precision Medicine

Webinars

More Webinars

Analytics
Analytics
Privacy & Security

Video

Elise Kohl-Grant, cochair of the programming committee at the HIMSS New York State Chapter
New York State Chapter of HIMSS focuses on health equity
Dr. Michael Poku, chief clinical officer at Equality Health
Addressing health equity's cost curve
Dr. Michael Pfeffer at Stanford Health Care_Photo: Doctor using tablet by Sean Anthony Eddy/E+/Getty Images
CIO Spotlight: Dr. Michael Pfeffer of Stanford Health Care
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link

More Stories

A pharmacist doing an inventory using a digital tablet.
There is no escaping making investments in cybersecurity...
group of healthcare workers talking over hospital bed
Modernizing clinical placement to accelerate clinician training and recruitment
A male doctor sits with another man and they are looking at SDOH data on a mobile device.
Tufts Medical Center to pilot nutrition screening in EHR
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link
Yale New Haven Health
Yale New Haven radiologists boost CT scan reviews with AI
Dubai Health Authority
The current state of Dubai’s healthcare digital transformation journey
Leah Dewey, VP of clinical and consumer engagement operations at Cotiviti.
Payers have a part to play in addressing health disparities
Christie Teigland, vice president of research science and advanced analytics at Inovalon.
Medicare Advantage plans' star ratings to be affected by Health Equity Index