Previously, R1 RCM Inc., under different name had several incidents involving thefts of laptops containing unencrypted patient data.
R1 RCM, formerly Accretive Health Inc., is the latest target of a ransomware attack. It is one of the largest medical debt collection firms in the US, with a turnover of over $1.18 billion in 2019.
RCM refers to the revenue cycle management sector that tracks patient records and profits details throughout their life cycle. This includes details like patient insurance, registration, medical treatment documents, benefits verification, bill preparation, and collection, etc.
The company is not new to incidents involving data related risk factors. In July 2011 when R1 RCM was known as Accretive Health, someone stole the company’s laptop containing unencrypted patient data that was stolen from the personal vehicle of one of its employees.
In 2012, a US Senate inquiry revealed that there were nine such incidents in 2011 involving thefts of patient data-bearing company laptops. It was also reported that 30 company laptops had lacked encryption.
Now, according to cybersecurity journalist Brian Krebs, the Chicago-based company’s systems were taken down after being hit by a ransomware attack.
Krebs reported that it is a concerning issue since the company has access to a treasure trove of private, financial, and medical data of millions of patients, including their Social Security Numbers and medical diagnostic data, apart from names and contact information.
It isn’t clear when the attackers breached the company’s networks as the incident occurred around one week back at a time when R1 was gearing up to release its 2nd quarterly financial results for the year 2020. Besides, R1 RCM didn’t provide details of the ransomware strain that targeted its systems.
According to sources, R1’s network was hit by Defray malware. It was first spotted in 2017 and has a history of targeting healthcare firms. Defray malware is distributed via booby-trapped MS Office documents delivered to the targeted system through email.
It is quite likely that R1 RCM’s systems were attacked with a phishing scam. In a similar case recently, the world-renowned cybersecurity training institute SANS suffered a data breach after one of its employees fell for a phishing scam.
Nevertheless, ransomware attacks have become a threat to online cyber-infrastructure of businesses and institutions. Even though certain ransomware groups have promised to not attack medical facilities amidst the pandemic, medical institutions and pharmaceuticals still remain an open territory due to their assumed profiteering from such situations.
One such example is of March 13 when ExecuPharm, a US-based pharmaceutical company was infected with ransomware via a phishing attack. The hackers ended up leaking trove of the company’s data on the dark web.