Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

FBI Recovers Stolen Patient Data from Oregon Healthcare Provider

December 21, 2021

Sarah Coble, of Infosecurity Magazine, recently wrote about the efforts of the Federal Bureau of Investigation (FBI) to recover data stolen from an Oregon healthcare provider during a cyberattack. Over the summer, the Oregon Anesthesiology Group experienced a ransomware attack in which cybercriminals made off with approximately 750,000 patients’ personal health information (PHI).

The Oregon Anesthesiology Group hired an outside digital forensics firm to investigate the data breach. Through the course of the investigation, the firm’s experts determined that the attackers managed to gain access to data that belonged to 522 current and former employees as well as sensitive patient information.

“Areas of the network impacted by the attack contained files in which names, addresses, dates of service, diagnosis and procedure codes and descriptions, medical record numbers, insurance provider’s names and insurance ID numbers were stored,” writes Coble.

The employee data compromised could include items such as names, addresses, and Social Security Numbers.

The healthcare provider was able to restore their systems from backups and worked to rebuild its IT infrastructure. In October, the FBI contacted the provider to share information on how the attack on their systems was executed.

The data breach notice from the Oregon Anesthesiology Group (OAG) provides further information about what the FBI discovered about the attack.

“On October, 21, the FBI notified the OAG that it had seized an account belonging to HelloKitty, a Ukrainian hacking group, which contained OAG patient and employee files” the notice states.

The data breach notice also includes information about what affected individuals can do if their data was compromised in the attack.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology