Oakbend Medical Center Suffers Ransomware Attack
Over the Labor Day weekend, Oakbend Medical Center in Richmond, TX, suffered a ransomware attack. The attack started on Thursday, September 1, 2022, and saw files on its network encrypted. The medical center said its IT team took all systems offline to contain the attack, and the medical center operated under lockdown procedures while the attack was investigated by the Federal Bureau of Investigation (FBI), the Cyber-Defense Campus CYD), and the Fort Bend County Government Cyberteam.
The internal IT team ensured that all patient-centric systems were secured, and cybersecurity experts from Microsoft, Dell, and Malware Protects were engaged to investigate the attack and assess the security of its systems. Once those systems were cleaned, work commenced on rebuilding those systems and restoring them in a controlled and systematic manner. Disruption is continuing to be experienced, and there have been temporary communication issues for patients, vendors, doctors, and administrators; however, at no point was patient safety at risk and the medical center continued to operate.
In a September 9, 2022, update, Oakbend Medical Center said the recovery process is ongoing and there are still issues with the telephone and email systems, but it is working to resolve those issues as quickly as possible. While Oakbend Medical Center did not confirm whether files containing patient data were exfiltrated from its systems, the ransomware gang responsible for the attack – Daixin Team – claimed on its data leak site that files were stolen prior to file encryption that contained patient information such as names, dates of birth, medical record numbers, patient account numbers, Social Security numbers, and medical and treatment information. Some of the stolen data has been uploaded to the group’s data leak site. The group has threatened to release all of the stolen files, which are claimed to include the protected health information of more than 1 million patients. At the time of publication, it would appear that the ransom has not been paid and all communication between the medical center and Daixin Team has stopped.
A further update was issued on October 7, 2022, stating that Oakbend has become aware that a third party has been sending emails related to the ransomware attack and that steps are being taken to confirm the source and legitimacy of the emails. Oakbend also confirmed that 18 months of credit monitoring services are being provided; however, at the time of the update, the forensic investigation into the data breach has not concluded, the extent to which data has been compromised has not been confirmed, and it is currently unclear to what extent data has been misused.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Daixin Team is a relatively new threat group that is known to attack hospitals. In June 2022, the group conducted an attack on Fitzgibbon Hospital in Missouri and stole and published files containing sensitive patient data.
Update November 10, 2022: Oakbend Medical Center has confirmed that the attackers exfiltrated patient data from its systems. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 500,000 patients.
