On October 5, HHS received a HIPAA breach notification from the National Ambulatory Hernia Institute in California. According to the notification, the incident affected 15,974 patients.
A notice prominently displayed on NAHI’s site explains that there was a ransomware incident on September 13.
URGENT NOTICE: Our office has experienced a Ransomware attack on September 13th 2018. The attack was tied to an email address [email protected]. If you were treated by one of our physicians prior to July 19th, 2018 your demographic information may have been compromised. If your information was not in our possession prior to July 19th, 2018 there is no possibility that your information was compromised.
Potentially compromised information includes: Full name, Address, Date of birth, Social Security Number, Diagnosis and Appointment date/time information.
If you believe your personal information has been compromised we recommend that you obtain an Identity Monitoring Service for a period of at least one year.
Our office has moved all of our data to an off-site server, continues to investigate this matter, and has taken steps to eliminate the possibility of a future breach including the purchase of a more robust firewall and antivirus.
This notice is being provided voluntarily.
If you have further questions, please call our office at 800-962-3766.
It is not clear to me why they say they are providing the notice “voluntarily” if they are actually required to disclose it by HIPAA and HITECH. They do not say that they could definitively rule out access and/or acquisition. Then, too, they do not indicate whether they paid any ransom demanded or if there was no need to pay because they had a full and intact backup or removal instructions.
The [email protected] email address has been associated with Gamma ransomware. More information on this type of Crysis ransomware and its removal can be found on pcrisk.