The Plastic Surgery Associates of South Dakota has notified 10,200 patients that some of their protected health information (PHI) was at risk due to a ransomware attack in February this year.
The Plastic Surgery Associates of South Dakota found that some of their systems were infected with the ransomware earlier on February 12, 2017.
Rapid action was taken to remove the ransomware. The organization decrypted the affected systems and involved third-party forensics experts to investigate. They tried to determine if any data was exposed and the extent to which the patients’ data was impacted.
During the investigation, it came to notice that despite the attack, the majority of its patients did not have any of their data accessed or even encrypted.
But while restoring the data, critical files were lost which resulted in the loss of certain evidence.
Therefore, on April 24, the association took the decision that without proper evidence, the possibility of PHI access for 10,200 patients cannot be ruled out completely.
Thus, all of those 10,200 patients were informed about the possible data breach.
The compromised data included Social Security numbers, driver’s license numbers, state ID numbers, credit and debit card information, lab test results, medical diagnoses, birth dates, health insurance information and details of medical conditions.
Until now, Plastic Surgery Associates of South Dakota has not received any reports of misuse or attempted misuse of patients’ data.
Out of an abundance of caution, affected individuals have been offered membership of Equifax Credit Watch Silver credit monitoring and identity theft protection services for 12 months at no cost.
The Plastic Surgery Associates of South Dakota said,
“The confidentiality, privacy, and security of our patient information is one of our highest priorities. We have stringent security measures in place to protect the security of information in our possession. In addition, as part of our ongoing commitment to the security of protected health information in our care, we are working to implement additional safeguards and security measures to enhance the privacy and security of information on our systems. We are also reporting this incident to the U.S. Department of Health and Human Services (HHS).”
If you have additional questions, you can call at 800-954-9263 (toll-free), Monday through Friday, 8:00 a.m. to 8:00 p.m. CT.
Date: August 1, 2017
Image Credit: blog.tcitechs.com