Enterprise IT security news and advice

Online Storage Vendor Pays Ransom to Retrieve Healthcare Data Stolen During Cyberattack

The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care services provider received notification on January 15, 2021 that cyber attackers acquired access to the computer network of its storage vendor and exfiltrated data.

It’s not sure if the attackers had encrypted files to block access; nonetheless, there was a ransom demand issued for the recovery of the stolen information. The storage vendor discussed with cybersecurity specialists and the Federal Bureau of Investigation and made a decision to give the ransom payment.

The hackers gave back the stolen information and offered guarantees that they did not keep any copies of the data and there were no more exposures of the stolen data. The cybersecurity professionals hired by the security vendor are checking the Web and darknet and didn’t come across any information that indicates the selling or exposure of the stolen data on the internet. An investigation into the breach showed that the hackers initially acquired access to its computer programs on October 24, 2020.

The hackers likely obtained these types of patient information: patients’ names, telephone numbers, addresses, email addresses, birth dates, medical histories, medical insurance data, prescribed medicines, and details concerning treatment given at Harvard Eye Associates.

Harvard Eye Associates gives billing and other management services to Alicia Surgery Center based in Laguna Hills, which involves access to the types of information earlier stated. The security breach, in the same way, impacted Alicia Surgery Center patients. It is at the moment unknown how many Alicia Surgery Center patients were affected.

Harvard Eye Associates and Alicia Surgery Center mentioned in their web page breach notices that impacted persons will receive notification letters and free credit monitoring and identity theft protection services.

Share This Post On