The Epilepsy Foundation of Metropolitan New York (EFMNY) was the target of an attack ransomware which led to patient data breach.
EFMNY is an organisation that aims to promote awareness of epilepsy. It helps people to identify options treatment and related resources.
The institution detected the cyber attack, which affected part of its network, encrypting certain systems.
The attack "led to the unauthorized Accessed at and/or acquisition of certain files from the network“, cited from in the breach notification letter.
See also: GHC-SCW: Ransomware attack and patient data breach
This is a typical ransomware attack double blackmail. The hackers first steal data, then encrypt it on the victim's machines, and then threaten to publish it if a ransom is not paid.
At the moment, no ransomware gang has publicly claimed responsibility for the attack.
The EFMNY data breach includes the following information:
- Date of birth
- Social security number
- Account number
- Medicare Identity Card
- Medicaid ID
- Diagnosis code
- Treatment location
- Type of procedure
- Provider name
- Cost of treatment
- Date of medical services
- Billing/Extension information
- Health insurance information
Upon investigation, EFMNY learned that the electronic health records database was not affected. However, some Documents and envelopes to the affected persons systems were hacked by the hackers.
See also: Ransomware gang uses new trick to get the ransom
The EFMNY reviewed all documents and files involved in the data breach. After "a comprehensive manual review" of the affected data, the foundation concluded that individual personal information may have been exposed for different individuals.
What security measures can be taken to prevent future attacks
One of the most important security measures is the Education of the staff on how to identify and prevent ransomware attacks. This may include learning how to identify suspicious emails and phishing attacks.
In addition, it is important to maintain updated the security software, including programmes antivirus and firewall. Up-to-date security systems can detect and block attacks before they cause damage.
See also: Reduction of ransomware attacks in 2024
It is also important to backed up regularly of important data. In the event of a ransomware attack, the copies Security can be used to restore data without the need to pay a ransom.
Finally, the use of multi-factor verification can provide an extra level of security. This means that the user will have to provide two or more forms of proof of identity to gain access to the system, making it more difficult for attackers to gain access (e.g. EFMNY data breach).
Source: cybernews.com
 έγινε στόχος επίθεσης ransomware που οδήγησε σε παραβίαση δεδομένων ασθενών.){kind=link}