Salem Clinic affected in ransomware attack aimed at Portland-based mail-processing business
The Salem Clinic staff is notifying more than 20,000 patients about a nearly two-year-old data breach targeting their service provider, Metro Presort, that may have compromised names, addresses and health identification.
The ransomware attack on Metro Presort, a Portland-based printing and mail processing business, occurred May 6 through 15 of 2019 during what was thought to be a server outage.
Criminals demanded payment to unlock the company's systems and information and made the data stored on them unusable, including all customer data files, according to Metro Presort officials.
Metro Presort did not pay the ransom.
The attack involved malware known as “RYUK,” which frequently has been used to attack banks and large health care organizations, officials said.
At the time of the attack, Metro Presort was processing mailings, including marketing materials, statements, and invoices, for 21 health care organizations, among them Salem Clinic and the Oregon Heart Center.
Officials say 20,928 Salem Clinic, P.C. customers' information may have been compromised; another 3,172 Oregon Heart Center, P.C. customers were also affected.
Some of the customer data files contained only names and addresses, while others also contained health plan identification numbers and treatment information.
No Social Security numbers, other government identification numbers or financial account information, such as credit card or bank accounts, were stored on Metro Presort’s systems.
Though there was no evidence that anyone actually accessed any customer data files, company leaders said they could not rule out the possibility that the attacker had the ability to access the files.
And on Dec. 31, 2020, OCR issued a ruling finding no violations of HIPAA and closed its investigation.
“It is distressing that there are people in the world deliberately wrecking businesses and trying to profit from others’ losses, while also potentially causing problems for individuals,” said Brad Barton, President of Metro Presort. “We take our responsibility to protect and take care of our clients’ information very seriously.”
Affected individuals should regularly monitor their personal accounts and information for any unusual activity.
If affected individuals notice any unusual activity, then they should immediately notify their financial institutions and healthcare providers. Individuals who receive notices in the mail from their health care providers or plans may call (833) 971-3304 from 9 a.m. to 5 p.m. Pacific Time Monday-Friday, if they have any questions.
Metro Presort processes customer printing and mailing work orders by receiving electronic data files containing addressee information and letter content known as “customer data files” through a secure online portal. It temporarily stores and processes these files on company servers.