Texas-centered Seguin Dermatology has begun notifying patients of a ransomware assault that has likely led to electronic protected health information being wrongly accessed.
The assault happened around or on September 12, 2016, and affected a computer network used by the Bureau of Robert J. Magnon, Doctor of Medicine. The ransomware encrypted many file varieties avoiding data access. Although the computer network wasn’t used to save electronic medical files, a bit ePHI was in the encrypted records.
Upon detection of the ransomware assault, Seguin Dermatology got in touch with an outdoor IT company which was capable to get rid of the ransomware and recondition data from duplicates. A complete forensic investigation of the affected computer network was carried out to find out the level of the assault and whether patient files had been undermined. The IT company established that there was a high possibility that the assailants accessed the ePHI of sick persons. The company was not able to verify whether patient files had been thieved, even though the possibility couldn’t be precluded.
Financial information including debit and credit cards weren’t encrypted and stayed safe and no medical files nor laboratory details were undermined. Nevertheless, the computer network did contain records which included patients’ names, dates of birth, telephone numbers, demographic information, addresses, Current Procedural Technology (CPT) codes, insurance billing details, and in a few cases, Social Security numbers.
Seguin Dermatology proceeded quickly and began alerting patients of the happening within 3 weeks of the end of the inquiry, well within the time period specified by the Health Insurance Portability as well as Accountability Act’s Break Notice Law.
A detailed evaluation of computer and physical security is being carried out and measures will be taken to increase safety to avoid future incidents from taking place. Procedures and policies are also being reviewed and workforce at Seguin Dermatology will get more training on safety consciousness. Patients have been provided identity thievery and credit checking facilities for one year to defend them against scam.
