A firewall vulnerability led to a ransomware attack that required the Oregon-based medical group to rebuild its entire IT infrastructure.

The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information.

The breach involves the information of 750,000 patients and 522 current and former OAG employees. 

In a statement, the company said it was contacted by the FBI on October 21. The FBI explained that it seized an account that contained OAG patient and employee files from HelloKitty, a Ukrainian ransomware group. 

Read the full article at ZD Net.