bty Dental in Anchorage, Alaska suffered a ransomware attack that they discovered on November 17.

The ransomware impacted some of their servers, including the possibility that patients’ names and x-ray images might have been accessed.

But the good news is what couldn’t have been accessed.

As the practice explains in their notice:

After examining the impacted server, the investigation was unable to determine if patients’ name and X-ray images had been viewed or accessed by an unknown, unauthorized third party. While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution. Importantly, our practice management software and database were encrypted as required by HIPAA, and No Financial Information, Medical Record, Social Security Numbers, Date of Birth, if provided to us, were impacted by this event.

Bravo, btyDental! And not only had they protected much of their patient data, they notified patients and HHS timely, with notification to HHS made on December 26.  According to HHS’s breach tool, 2008 patients were notified of this incident.