Agoura Hills electronic medical record company Casamba was the target of a malware attack in November, affecting its home health and hospice products. The company told the Business Journal in an email that all its systems are back to normal and that there is “no indication” that protected health information was compromised. Following the attack on Nov. 14, Casamba notified law enforcement and hired a third-party forensic firm, Charles River Associates, to supplement its ongoing recovery efforts. The firm’s findings received Dec. 21 assert that there was “no evidence that personal or protected data was accessed of exfiltrated,” according to an email from Casamba. “We take security seriously and will continue to make significant investments to further enhance our cybersecurity protocol,” the company said in an emailed statement. “We’d like to thank our customers for their support and understanding.” The company plans to work on upgrades to its anti-virus software, email scanning systems and technology configuration following the attack. Customers numbering in the thousands were unable to send claims to Medicare following the attack, according to home health care industry consultant Tim Rowan, president of Rowan Consulting Associates in Colorado. “(Casamba) said the breach was ransomware so it shut them down, disconnected them from their own data, but it didn’t appear that the hackers had access to the data,” added Rowan, who said he hasn’t seen anything of this magnitude come across his desk for 20 years. “My disaster expert tells me you won’t really know that until months go by, and find out that some of these patients’ data is turning up in odd places. If the hacker does have access to it, they don’t necessarily let anybody know. They might try to sell it, thousands of names. You don’t know, if they had access to it, what they would do with it. There’s no way of learning that in the near term.” In a letter to customers, Casamba said it had established new servers to house production databases, but at that point provided no clear timeline of when everything would be up and running. The team did, however, let customers know they planned to work through that first weekend to bring users of the company’s HomeMobile, HomeOffice and FinancialOffice systems back online, at the agency’s discretion. Rowan suggested that the company emphasize transparency with their customers during the recovery process, as well as reinforce their data protection and train employees to better recognize social hacking, although the company has not released details surrounding the nature of the attack. “It seems to me that ransomware doesn’t get in through a firewall. Ransomware gets in via a naïve or unsuspecting employee who clicks on a suspicious email,” explained Rowan. “So, employee training, it seems to me, (is best). What happens today is social hacking. It’s not sophisticated hacking, getting through firewalls that causes a problem; it’s employee error.” Casamba provides post-acute care software to more than 275,000 clinics, therapists and other health providers on a national level.
