FMC Health Suffers Ransomware Attack by ViceSociety

Company Overview

FMC Health is renowned for its board-certified physicians who leverage cutting-edge technology to deliver comprehensive family medical care. The organization accepts a wide range of insurance plans alongside offering self-pay options. With four clinics spread across Amarillo and Canyon, FMC Health ensures accessible healthcare services for patients in these regions.

Impact of the Attack

The ransomware attack has significantly disrupted FMC Health's operations, leading to phone outages at the majority of its clinics. The organization is actively working towards resolving these issues promptly. Furthermore, the attack has compromised the providers' ability to bill and process critical operations such as prior authorizations, thereby hindering patients' access to essential medical services.

Vulnerabilities and Mitigation

Ransomware attacks frequently exploit weaknesses in outdated software or insecure connections. It is speculated that in FMC Health's scenario, the attackers might have targeted internet-connected medical devices or an HVAC system, which provided a backdoor to infiltrate and compromise the healthcare system's internet infrastructure. To counteract such threats, it is imperative for healthcare providers to ensure that all devices and systems are fortified with the latest security updates and that comprehensive cybersecurity measures are rigorously implemented.

Investigation and Response

The U.S. Department of Health and Human Services (HHS) has initiated an investigation into the ransomware attack on Change Healthcare, a significant entity responsible for processing approximately half of all medical claims in the U.S. The HHS Office for Civil Rights is particularly focused on determining whether protected health information was breached and if Change Healthcare, along with UHG, adhered to the Health Insurance Portability and Accountability Act (HIPAA) regulations.

The ransomware attack on FMC Health underscores the critical necessity for healthcare providers to prioritize cybersecurity measures to safeguard patient data and ensure the continuity of healthcare services. The ongoing investigation by HHS further emphasizes the importance of compliance with regulatory standards and the implementation of stringent security protocols to avert future attacks.

Sources

• FMC Health | Primary Care Clinics
• Change Healthcare Cyberattack: Losing Up to $100 Million a Day
• HHS to investigate UnitedHealth and ransomware attack on Change Healthcare
• Health industry struggles to recover from cyberattack on UnitedHealth
• Why UnitedHealth, Change Healthcare were targets of ransomware hackers