The computer network of Goodman Campbell Brain and Spine, a large, independent surgical group based in Carmel, has been hacked, compromising patient and employee data.
The cyber-attack took place on May 20, the company said in a press release issued on Friday. As of Monday—13 days after the attack—the company’s phone system was still not responding.
“Currently, all our systems are down, including our phone system,” said a recorded greeting on the company’s main phone number.
The phone system has since changed its recorded greeting and is now accepting calls.
A Goodman Campbell spokesman said Tuesday the company has engaged a forensic analysis and incident response firm. It also notified the FBI cybercrimes division to assist with the case and is actively working with FBI ransomware experts.
The company did not say whether the hackers have demanded ransom, as hackers have done at several other health institutions, including last year at Eskenazi Health.
Hackers have also broken into the computer systems of Johnson Memorial and Hancock Memorial in the past two years.
Goodman Campbell did not say how much or precisely what kind of data might have been compromised.
“Though we have not yet been able to verify the full nature and extent of personal data that may have been compromised, initial analysis indicates that both Goodman Campbell patient and employee data has been accessed by an unauthorized party,” the group said Friday in a press release.
The surgical group said in its announcement it “immediately took steps to safeguard” its affected systems, eradicate any malicious activity and begin restoring its systems.
“The security of our patients’ and employees’ data is of the utmost importance, and we deeply regret that this attack on our systems occurred,” the statement said. “When this investigation into the cyber-attack is complete, we will be reaching via U.S. Mail to those impacted patients and staff members.”
Goodman Campbell did not immediately respond to questions from IBJ, transmitted through an outside public relations firm that represents the company.
Last year, ransomware attacks on health care organizations increased by 94%, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos. The report is based on a global survey of 5,600 IT professionals and included interviews with 381 healthcare IT professionals from 31 countries, according to HIPAA Journal, a news organization that reports on patient privacy.
Goodman Campbell, based at 13345 Illinois St. in Carmel, was founded in 2010 through the merger of the Indianapolis Neurosurgical Group and the Indiana University Department of Neurological Surgery.
Its surgeons treat a wide range of difficult medical conditions on the brain and spine, including aneurysms, concussions, pituitary disorders, spinal discs, tumors, injuries and degenerative diseases.
Please enable JavaScript to view this content.
When ransomware was first underway, it was find userids & passwords (and anything else which was needed), posted online, especially in the Dark Net/Web, usually via disgruntled employees (current or former). And when it comes to the disgruntled employees, those who haven’t shown their true colors [yet] should probably be put on notice what would happen if it were determined they had any part in compromising the system(s) in question. Personally, if you’re that PO’d: leave. If you’re that good, your loss will be revenge enough.
Now? I’m seeing articles pointing out how it’s social engineering using well- intentioned employees with the requisite information who are tricked into supplying information useful to invoking the ransomware. Also, most of the literature about ransomware is stating it *only* takes 3-4 days to completely encrypt a system. Personally, that’s 3-4 days when it should be detected.
.
Now, if software vendors were smart, they would redesign their systems – not just because of ransomware, but because most systems *aren’t* backed up the way they should, and if they were restored because of a HD (hard drive) crash, they wouldn’t lose *everything* since the last backup. Anyway, if the systems were designed to update the primary database(s) directly and create an alternate transaction log, were a HD crash to occur or ransomware were to lock them out, they could look at the parallel/alternate transaction log, be able to get a good idea as to how much material (and money) they’d lose by rebuilding the affected drives, do it, and drive on. When measuring the cost of a duplicate/parallel software system vs. that of ransomware (sometimes it *can’t* be repaired/unlocked), which is more cost prohibitive?
P.S. From Wired — what’s more profitable than ransomware?
.
https://www.wired.com/story/business-email-compromise-bec-ransomware-scams/
“Fake Windows Updates Trick Users Into Installing Ransomware” 6/8/2022
.
https://www.itprotoday.com/vulnerabilities-and-threats/fake-windows-updates-trick-users-installing-ransomware
“It Doesn’t Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again”
.
https://www.securityweek.com/it-doesnt-pay-pay-study-finds-eighty-percent-ransomware-victims-attacked-again