ABCD Children’s Pediatrics also discovered other evidence of hackers on the network, which included suspicious user accounts.
A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients.
Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, addresses and telephone numbers.
Pediatric patient records are a high commodity on the dark web, according to ICIT Senior Fellow James Scott. There are two markets for child records, one including tax fraud. These are long-form, full medical records available for sale.
Investigators determined it was the Dharma virus, a variant of the CrySiS ransomware family. While this virus doesn’t typically exfiltrate data, the provider was unable to rule out exfiltration, officials said.
The investigation also found more evidence of hackers accessing ABCD’s network via suspicious user accounts.
The IT team at ABCD was able to remove the virus and restore affected data from backups. No confidential data was lost, officials said. The organization never received a ransom notice or other communication from the hackers.
“ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time,” officials said in a statement.
ABCD alerted the FBI for further investigation, contacted the U.S. Department of Health and Human Services and began notifying patients on March 23. Officials said ABCD is still assessing its physical security and cybersecurity, although it found the source of the intrusion and has modified security to prevent a future incident.