Six More Healthcare Providers Impacted by Ransomware Attacks

GBMC HealthCare in Maryland, Golden Gate Regional Center in California, and Dyras Dental in Michigan have recently suffered ransomware attacks and Allegheny Health Network, AMITA Health, and Bayhealth have announced they have been affected by the ransomware attack on Blackbaud Inc.

GBMC HealthCare

Towson, MD-based GBMC HealthCare has announced it suffered a ransomware attack on December 6, 2020 that forced its computer systems offline and the healthcare provider is now operating under EHR downtime procedures while the attack is mitigated.  GBMC HealthCare had planned for such an attack and had processes in place to ensure care could continue to be provided to patients while keeping disruption to a minimum.

Safe and effective care continues to be provided to patients and its emergency department did not stop receiving patients; however, some elective procedures scheduled for Monday 7, December were postponed. Efforts are underway to bring systems back online and restore the encrypted data and law enforcement has been notified and is investigating the attack. The Egregor ransomware gang has claimed responsibility for the attack.

Golden Gate Regional Center

Golden Gate Regional Center, a provider of services for individuals with developmental disabilities in Marin, San Francisco, and San Mateo counties in California, identified suspicious activity on its computer systems on September 23, 2020. The investigation revealed the protected health information of 11,315 had been exfiltrated from its computer systems prior to the deployment of ransomware.

Data stolen in the attack was limited to names, GGRC client identification numbers, service codes/descriptions, vendor/service provider names/numbers, month or year of service, and cost information related to the services provided. The investigation did not uncover evidence to suggest any stolen data has been misused. Affected individuals were notified by mail in November and complimentary identity theft protection services have been provided to breach victims.

Dyras Dental

Dyras Dental in Lansing, MI has experienced a ransomware attack involving Egregor ransomware, although this has not been confirmed by the dental service provider. A dump of data stolen in the attack was identified by on September 24, 2020. Attempts were made to contact Dyras Dental, but no response was received. has referred the breach to the Department of Health and Human Services’ Office for Civil Rights as it would appear that the breach has not been reported and patients have not received notification that their PHI has been stolen.

According to, the dumped data included over 100 files that included insurance billing information, employee W-2 statements, and voicemail recordings containing PHI.

Allegheny Health Network, AMITA Health, and Bayhealth Impacted by Blackbaud Ransomware Attack

Pennsylvania-based Allegheny Health Network, Illinois-based AMITA Health, and Delaware-based Bayhealth have recently announced they have been impacted by the ransomware attack on the software and cloud computing services provider Blackbaud. The healthcare providers used Blackbaud to maintain their fund-raising records and donor databases.

Blackbaud assured the three healthcare providers that no credit card information, bank account information, or social security numbers were compromised in the attack, but some protected health information was stolen by the attackers prior to the deployment of ransomware. Blackbaud paid the ransom demand and received assurances that all stolen data was subsequently destroyed and has not been, and will not be, sold on, published, or misused.

Allegheny Health Network was one of the worst affected clients with the records of 299,507 individuals stolen in the attack. AMITA Health has reported the breach as affecting 261,054 individuals and Bayhealth says 78,006 individuals were affected.

University of Vermont Medical Center Ransomware Attack Cost Could Exceed $63 Million

Ransomware attacks can prove extremely costly. The October 2020 ransomware attack on the University of Vermont Medical Center has reportedly cost more than $1.5 million per day in lost revenue and increased expenses, according to hospital president Stephen Leffler, not including the cost of getting its systems back up and running. The attack occurred on October 28, 2020 and 42 days later losses continue to be experienced. Lost revenue and expenses could exceed $63 million.

The hospital has restored many systems and is operational; however, around 30% of the 600 applications used by the hospital remain out of action and disruption is still being experienced in some areas. Most of the radiology systems have now been restored, although that process has taken around six weeks, cancer treatment capabilities are still not fully restored, sleep studies have not been restarted, and the process of addressing the backlog of postponed appointments and entering handwritten records into its systems is expected to take several more weeks.

Resource: HipaaJurnal