Rhode Island's Thundermist Health Center was hit by a ransomware attack on Thursday which successfully disrupted some of its computing systems leading to canceled appointments.
Thundermist Health Center is a Federally Qualified Community Health Center which serves thousands of patients from central, northern, and southern Rhode Island, in three surrounding communities: West Warwick, Woonsocket, and South County.
"We act quickly to protect patient data, limit the attack and continue to provide safe care to the patient," said Thundermist's website after the incident. "Patient and employee information was not compromised. We are open and there is little impact on patient care."
According to a statement made by Amanda Barney, Associate Vice President of Communications and Development. to WPRI, the hackers locked out Thundermist's staff out of the infected machines.
Moreover, the computing systems that were not impacted by the ransomware attack were shut down by the staff to block the ransomware malware from spreading to other systems.
The health provider is in contact with law enforcement agencies
"We started our emergency plan. We cancel appointments that could not be completed safely without access to our electronic medical registration," also said Thundermist's statement.
The health center also got in touch with local law enforcement agencies and the health department to further investigate the security incident.
"We contacted the Rhode Island Health Department and the Rhode Island State Police. We are now open normal business hours," stated Thundermist.
Thundermist said that no patient electronic medical records (EMR) were impacted in the event attack and given the way ransomware attacks work with data being encrypted and very rarely also being exfiltrated, there's a very small chance that the ongoing investigation will find any compromised health records.
According to a Beazley Breach Response (BBR) Services report from November 7, during the Q3 of 2018 ransomware attacks were at an all-time high and the ransoms asked from impacted organizations to decrypt files have also seen a serious increase.
Furthermore, "Healthcare is still the most targeted industry (37%). The next hardest hit sector was professional services (11%)," said BBR's report. "In Q3, financial institutions saw an 18 percentage points increase in ransomware attacks over the previous quarter."