Personal data of over 500,000 Oakbend Medical Centre's patients stolen by hackers

Another hospital system has gone down in a ransomware attack with half a million patient records accessed just weeks after one of the biggest healthcare hacks in US history.

Texas-based OakBend Medical Center said names, dates of birth, addresses, email addresses and social security numbers had all been accessed in the cyberattack last Thursday.

The nonprofit hospital chain company operates three hospitals as well as emergency centers, imaging centers and physical therapy clinics hospital in the greater Houston area.

The medical system reported the data breach to the Department of Health and Human Services (HHS) on October 28, stating that around 500,000 individuals had been affected.

Daixin Team a ransomware and data extortion group has claimed responsibility for the attack.

The group is financially motivated and emerged in June this year. Its previous victim is Fitzgibbon Hospital in Missouri, where the team claim to have stolen 40GB of sensitive data containing employee and patient records.

The group is actively targeting the healthcare sector, a joint alert from the FBI, Cybersecurity and Infrastructure Security Agency, and Department of Health and Human Services released last month said.

It comes after CommonSpirit Health - a hospital system that spans 21 states and has 20million patients on its register - fell victim to a similar ransomware attack.

CommonSpirit admitted 'some' of its systems are still down after a ransomware attack in early October. The incident led to a three-year-old Iowa being being overdosed on pain meds, and delays to critical scans and surgery.

Unlike OakBend Medical Center, CommonSpirit is still refusing to say who did the hack, if patient data was accessed, and if so, how many records were obtained.

In an update to patients, OakBend said it believed a ‘limited amount of data’ was actually lifted from the IT system, and that the hackers did not remove patient’s entire medical records.

But it said that the hackers were able to access and remove employee data and reports that contained ‘personal and medical information’ of current and former patients.

A sample of data shown to DataBreaches.net is said to contain BMIs, heights, weights, last admission date and medical record number.

OakBend said: ‘While we know that the cybercriminals had sufficient access to OakBend’s systems to encrypt our data, our investigation indicates that a limited amount of data was actually transferred out of the OakBend computing environment.

‘For example, we do not believe that the cybercriminals were able to remove the entire medical record of OakBend’s patients.’

It added: ‘It does appear, however, that the cybercriminals were able to access and/or remove certain employee data sets and certain reports that included the personal and medical information related to our current and former patients, employees, and related individuals.

‘In some instances, this information may have included the name, contact information (such as street and email address), social security number, and date of birth for the impacted individuals.’

It said it has contacted the individuals it believes have been affected, and will be offering them ‘certain identity theft protection services’ for a ‘limited period of time’.

However, ransomware group Daixin Team claimed responsibility for the OakBend attack, and claimed to have stolen over a million patient records.

It said it obtained patient account numbers and medical and treatment information which could be used for things such as ‘opening new financial accounts, taking out loans… filing fraudulent tax returns… and giving false information to police during an arrest’.