Airway Oxygen hit by ransomware attack

Wednesday, July 5, 2017

WYOMING, Mich. – Airway Oxygen has experienced a ransomware attack affecting 500,000 individuals, according to the breach portal of the Office for Civil Rights of the Department of Health and Human Services. In a notice to customers, Airway Oxygen said it learned that an unidentified criminal(s) had gained access to its technical infrastructure and installed ransomware to deny the company access to its own data. “We have no indication that any of your protected health information stored on the computer network was accessed and acquired,” it stated in the notice. “Nevertheless, we wanted to provide notice to you so that you would be aware of the situation.” Airway Oxygen said the types of protected health information involved in the breach include full name, home address, birth date, telephone number, diagnosis, type of services provided and health insurance policy numbers. It said no bank account numbers or debit or credit card numbers were exposed in the breach. Since learning of the incident, Airway Oxygen said it has taken steps to secure its internal systems against further intrusion, including scanning the entire internal system; changing passwords for users, vendor accounts and applications; conducting a firewall review; updating and deploying security tools; and installing software to monitor and issue alerts as to suspicious firewall log activity. “We have hired a cyber-security firm to assist in conducting an investigation to assess the case and impact of the breach,” it stated. “In addition, we are identifying further actions to reduce the risk of this situation recurring.”