Epilepsy Foundation of Metro NY hit by ransomware attack

The Epilepsy Foundation of Metropolitan New York has been the target of a ransomware attack that revealed sensitive patient data.

The Epilepsy Foundation of Metropolitan New York (EFMNY) is an organization that aims to promote awareness surrounding epilepsy while helping people locate treatment options, support, and resources.

The foundation observed that a cyberattack impacted a part of its network environment, leaving certain systems encrypted.

The attack “resulted in the unauthorized access and/or acquisition of certain files from within the network,” the breach notification letter reads.

The attack follows a typical double-extortion ransomware scenario: criminals first exfiltrate the data and then encrypt it on a victim's machines, threatening to release the data if the demands aren't fulfilled.

Cybernews has contacted the organization to see whether they have received a ransom demand and will update the article accordingly.

According to Cybernews' dark web monitoring tools, no ransomware gangs have publicly claimed the foundation as a victim on their data leak sites.

The information involved includes:

  • Date of Birth
  • Social Security number
  • Account number
  • Medicare ID
  • Medicaid ID
  • Diagnosis code
  • Treatment location
  • Procedure type
  • Provider name
  • Treatment cost
  • Medical date of service
  • Billing/Claim information
  • Health insurance information

Upon investigation, the EFMNY learned, with the help of cybersecurity experts, that its electronic health record database was not affected. However, certain documents and folders within the affected systems had been accessed by an unauthorized party.

The EFMNY reviewed all the affected documents and folders. After “a comprehensive manual review” of the affected data, the foundation concluded that “individual personal information may have been accessed and/or acquired by the unauthorized party.”

“Out of an abundance of caution,” the EFMNY is providing affected individuals with access to credit monitoring services.

More from Cybernews:

Ft. Worth, Texas county agency hit by Medusa ransomware gang

Apple privacy protections called into question

The $100 cybersecurity budget – how cyber pros would spend it

Microsoft is certain its Arm-based AI PCs will outperform the newest MacBook Air

Regrets among some Apple Vision Pro users as headset sits unused

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked