On December 14, 2018, Mind and Motion Developmental Centers of Georgia reported a data breach that affected protected health information (PHI) of 16,000 patients. Patient information such as names, birth dates, addresses, Social Security numbers, medical history, medical diagnoses, and health insurance details may have been stolen.
On September 30th, authorities at Mind and Motion Developmental Centers discovered that one of its company servers was infected with ransomware. The ransomware was installed on a server that stores Mind and Motion's medical records.
Mind and Motion's officials immediately hired a third-party IT security firm, TeamLogic IT, to recover lost data, analyze the attack entry point, and strengthen security protocols. The investigations revealed that the malware didn’t spread to Mind and Motion’s other servers. It was discovered that in addition to ransomware, an inactive keylogger, a spam mail generator, and other minor malware were installed on the server.
With help from TeamLogicIT, all malicious software was removed. Mind and Motion has changed all of its account passwords and has strengthened its password policy; both the anti-malware and antivirus software were upgraded as well. Encryption has also been added to its email accounts, along with spam protection. Mind and Motion also hired a compliance consulting firm to ensure HIPAA compliance during recovery and provide HIPAA compliance coaching to all employees. Mind and Motion reported the breach to the Department of Health and Human Services as quickly as possible. All affected patients have been notified about the breach by mail.
Don't want to make the news for the wrong reasons? Download ManageEngine DataSecurity Plus, a tool that can detect, classify , and secure personal data , and mitigate ransomware attacks.
Even though Mind and Motion Developmental Centers had antivirus software installed, it couldn't withstand the attack. What it needed was an advanced solution that is capable of detecting and responding to ransomware attacks, something like DataSecurity Plus.
DataSecurity Plus is an automated ransomware threat identification and mitigation solution that:
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.