OKLAHOMA CITY (KFOR) – A ransomware group called Suncrypt is claiming responsibility for a cyber-attack against the OKC Indian Clinic, a metro nonprofit healthcare organization.
The attack potentially puts the health and financial data of patients at risk.
The clinic sent KFOR a statement on the incident Monday:
“Earlier this month, Oklahoma City Indian Clinic (OKCIC) discovered that certain systems were inaccessible and immediately deployed all available resources to investigate, including third-party forensic specialists. As part of our investigation, we discovered that the OKCIC was the victim of a cyber attack. While our investigation remains ongoing at this time, we currently do not have evidence of unauthorized access to patient information. OKCIC is taking the necessary and appropriate steps to address this incident and comply with applicable regulations, and will continue to do so as our investigation proceeds.”Oklahoma City Indian Clinic
“There’s going to be a challenge setting appointments, a challenge making sure that everyone probably in the clinic has to reset their user names, and passwords, probably work on some hardware firewall stuff,” said Patrick Allmond with Focus Marketing on the incident. “Just revisit everything in security from top to bottom.”
The ransomware group claims to have stolen 350 gigabytes of data, including health records and financial documents.
The attack reportedly also affected some computer systems and even the clinic’s auto-prescription refill system.
This forced them to bring in third party forensic specialists to investigate.
“Unfortunately, ransomware is getting more common and harder to actually trace the money,” Allmond said.
As per the clinic’s statement, they have no evidence of “unauthorized access to patient information” right now, but the investigation is ongoing.
Allmond added that ransomware is a dangerous situation.
“Before this happened, they probably didn’t know that that backdoor was there, so hackers, unfortunately, have a lot of time and resources to find backdoors. Once they do, unfortunately, it’s profitable,” he said. “Unfortunately, ransomware often works, and so, to get access to that information, I wouldn’t be surprised if this clinic actually has to pony up the money in whatever currency it is.”
While that may not necessarily be the case at this time, according to the clinic, they say they are currently addressing the incident.
So, the current investigation will reveal details when it ends.
“Our medical information is very important to us, and I think that I think that the patients of that clinic would feel a lot more secure knowing that their information was protected,” Allmond said.
Allmond says 350 gigabytes of data can be a lot or a little depending on if it’s all text or all pictures or documents. Allmond said he thinks it’s somewhere in between.
Again, the clinic said they have no evidence of unauthorized access to patient records at this time, but they are still investigating.