The Center for Vitreo-Retinal Diseases in Libertyville, IL, has announced that it was recently the victim of a ransomware attack.
The attack was first noticed on September 18, 2018, and resulted in the encryption of data on the organisation’s servers. The investigation into the breach suggests the attacker may have gained access to the protected health information of 20,371 patients that was stored on the affected servers.
Ransomware is software which denies the user access to their device, or certain files on the device, until a ransom has been paid to the scammer.Ransomware attacks are becoming increasingly common, and the malware is even available on the dark web. The malware is often delivered through targeted phishing attacks.
The attack appeared to have been conducted with the intention of extorting money from the practice, as opposed to accessing the confidential information of patients. Investigators found no evidence of unauthorised data access, although they have not ruled out the possiblility that patient information was accessed by the attacker. Since the attack there has been no evidence of unauthorized data access, data theft, or misuse of patient information.
The information that was potentially compromised included names, addresses, telephone numbers, birth dates, health insurance information, health data, and the Social Security numbers of Medicare patients. The affected patients are at a higher risk of becoming victims of identity theft, and have been advised to monitor all of their accounts for suspicious activity.
The Center for Vitreo-Retinal Diseases has since reviewed its security protections and has taken steps to prevent similar security breaches from occurring in the future. In accordance with HIPAA’s Breach Notification Rule, notification letters were sent to those affected by the attack. A toll-free number was set up for patients to learn more about the incident.
In the breach notification placed on their website, the Center said: “The privacy and security of patient information is a top priority for the Center for Vitreo-Retinal Diseases, which deeply regrets any inconvenience or concern this incident may cause.”
The Center for Vitreo-Retinal Diseases have not been the only organisation to fall victim to a ransomware attack in recent times. Woonsocket, RI-based Thundermist Medical Center experienced a ransomware attack on the evening of Thursday, November 28. It was reported that the attack took some of its computer systems out of action.
“We acted quickly to protect patient data, limit the attack and continue to provide safe patient care. Patient and employee information was not compromised. We are open and there was little impact to patient care,” said a statement on the center’s home page. “We started our emergency plan. We cancelled appointments that could not be safely completed without access to our electronic health record. We contacted the Rhode Island Department of Health and Rhode Island State Police.”