Two servers were hit but the issue was resolved and no ransom was paid to the attackers.
Keck Medical Center of USC said it suffered a ransomware attack on servers at two hospitals but was able to remedy the problem and retrieve data without paying a ransom.
The incident began August 1 when employees at Keck Hospital of USC and Norris Comprehensive Cancer Care Center detected ransomware on two servers, Keck Hospitals CEO Rod Hanners said in a statement posted on the USC Keck website.
The malware attack encrypted files on both servers, which made the servers inaccessible to employees, but there is no evidence that any medical files were breached, according to the statement.
"Our investigation has not revealed any evidence that data was retrieved or accessed as a result of this ransomware," said Hanners.
USC notified patients because certain sensitive information was in the folders encrypted by the malware.
The servers affected by the ransomware did not store Keck's electronic medical records system, but some data on the servers included departmental files that contained internal operational documents.
Data potentially affected by the incident included names and demographic information, dates of birth, identifiable health information—including treatment and diagnosis for some patients—and, in certain cases, Social Security numbers.
USC contacted the FBI, began an internal forensic investigation, and hired Ernst & Young, LLP to review the steps it took to investigate the matter. The attack "was quickly contained and isolated to prevent the
spreading of malware to other servers, USC officials said.
"The medical center was able to fully restore the data from the encrypted folders to the servers. No ransom was paid."