Pennsylvania Maternal & Family Health Services Announces Ransomware Attack
Table of Contents
- By Steven
- Jan 30, 2023
Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world. Medical services often hold the most valuable stolen information available on the dark web – aside from government files, obviously, and a lesser-known one; diplomas. Hackers can steal someone’s identity nearly effortlessly with their medical information, and hackers can do a large amount of authentication with the information gathered in medical breaches.
How Did the Attack Occur?
The hacker carried the attack out via ransomware. Typical ransomware attacks can last anywhere from a few hours to a few days (the longest ransomware attack in history lasted four days and is labeled the WannaCry ransomware attack). During this time, the hackers lock the targeted systems, demanding a ransom in exchange for the “safe return” of the information. There is no guarantee that the information will be returned or that there will be no misuse of said information outside of the hacker’s word; and as we all know, there is no honor among thieves. As a result, most companies have protocols to deal with this. The Maternal and Family Health Services immediately launched into its protocol and began investigating the breach.
What Information Was Viewed or Stolen?
The hackers accessed a plethora of incredibly delicate information. Addresses, names, driver’s license numbers, social security numbers, payment card, and other financial account information, health insurance information, and other medical information were all involved, putting all 90,000 victims at incredibly high risk. “Please note that there is no evidence at this time that any of your personal information has been misused as a result of the incident,” MFHS asked victims.
How Did MFHS Admit to the Breach?
The Maternal and Family Health Services admitted to the breach about nine months after the incident, notifying the California Attorney General’s Office on January 10, 2023. It read, “On or about April 4, 2022, Maternal & Family Health Services experienced a ransomware incident… We have worked diligently to determine what happened and what information was involved as a result of this incident. A third-party forensic investigation determined the incident occurred between August 21, 2021 and April 4, 2022.”
What Will Become of the Stolen Information?
The hacker has a few options as to what they can do with the stolen information. They could sell, use it, even steal thousands of people’s identities, and more. One thing most people don’t know is that a hacker can use your medical insurance if they access it.
What Should Affected Parties Do in the Aftermath of the Breach?
After any breach concerning personal information, you should file a police report. It is too often overlooked and leaves a good number of people in bad situations. You should also invest in identity monitoring services, which IDStrong can offer you. We also provide dark web and credit monitoring and will alert you almost immediately if your information shows up on the black market.