GandCrab ransomware claims another healthcare firm

A medical billing service headquartered in Massachusetts has notified patients of a data breach, saying hackers may have exposed their data. The attack involved the infamous GandCrab ransomware.

Cyber crooks have developed a taste for healthcare institutions and their affiliates in recent years, infecting their systems with ransomware or injecting code designed to steal data for future fraud operations. One of the latest reports of a ransomware infection comes from medical billing company Doctors’ Management Service, Inc., which fell victim to GandCrab operators.

The breach, according to the DMS notice (obtained by, occurred in April of 2017. The organization only discovered the breach in December last year, when the attackers deployed ransomware on a vulnerable workstation via Remote Desktop Protocol (RDP). An investigation later revealed attackers deployed GandCrab, the most prolific ransomware in recent times.

DMS refused to pay the attackers’ ransom demand and recovered its data from backup. Since it can’t be ruled out that the attackers also accessed and stole patient information, though, the company is notifying everyone who may have been affected. If the attackers also copied the data before encrypting it, they would be in the possession of: name, address, date of birth, Social Security number, driver’s license number, insurance and Medicare/Medicaid information and numbers, and medical information, including some sensitive diagnostic information.

Those who have received DMS’s notice are encouraged to use the free credit monitoring service offered by the company. However, since credit monitoring isn’t synonymous with protection against fraud, affected parties are advised to carefully monitor their bank statements for any abnormalities. 

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at:

Secure Coding Practices