DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Healthcare entities continue to be targeted: eye care provider in Ohio hit with ransomware, dental practice in Minnesota reports cyberattack

Posted on August 15, 2019 by Dissent

I wonder if HHS will need to take on more staff to deal with all the HIPAA breaches being disclosed this year.  In July alone, this blogger logged approximately 65 reports on my worksheet, although a number of them were all reporting on a few business associate breaches.  In any event, there are a lot of reports to wade through each month. Here are two more that were disclosed over the past 48 hours:

Eye Care Associates describes themselves as a fully integrated regional eye care provider serving a three-county area in Northeastern Ohio.  Andrea Wood of Business Journal Daily reports that they were hit by ransomware:

– Eye Care Associates Inc., the largest ophthalmology and optometry practice in the region, was the victim of a ransomware attack two weeks ago that locked – and still locks – its computer systems.

As of this posting, the computer system is still down, although operations should be fully restored in “the next day or two,” Mary Jo Sierra, director of operators, said Tuesday.

No patient data or other sensitive information was stolen, she emphasized.

Of course, “stolen” is only one risk with an attack. Were the data corrupted or made unusable which would impact patient care? In this case, the provider had a usable backup of data (good for them!), but their ability to book patient appointments for a few weeks sounded pretty impaired or compromised. Read more on Business Journal Daily.

While Eye Care Associates worked on recovery in Ohio, a Minnesota dental practice has been dealing with the aftermath of some external attack that is not clearly specified in their press release (below). I could not really figure out what they were describing, but haven’t had time to call them to ask. Maybe one of the other sites that covers HIPAA breaches will get the details on this one.

NORTH BRANCH, Minn.Aug. 13, 2019/PRNewswire/ — Bayview Dental (“Bayview”) recently discovered an event that may affect the security of certain patients’ personal information. This notice contains information about the incident, actions Bayview is taking in response, and suggested steps that potentially impacted patients can take to monitor their information and protect themselves against the possibility of identity theft and fraud, should they feel it is appropriate.

What Happened: On May 28, 2019, Bayview became aware of unusual activity on its servers. Bayview immediately launched an investigation, with the aid of forensic experts, to determine the nature and scope of the activity. On July 4, 2019, Bayview learned that an unauthorized actor potentially had access to the servers, and through that, to certain personal information. We are unable to confirm whether the information was subject to unauthorized access, but because the possibility exists, out of an abundance of caution we provided potentially impacted individuals with notice. We are unaware of any attempted or actual misuse of the information. We also reported the incident to the relevant regulators.

What Information Was Involved:Though the investigation is ongoing, Bayview has determined that the information that may have included patient names, addresses, phone numbers, dates of birth, dental insurance information, medical/dental history information and potentially Social Security numbers. We are unaware of any attempted or actual misuse of the information.

What We Are Doing>:The privacy and security of patient information is of paramount importance to Bayview. Upon learning of this incident, we immediately secured the impacted servers and began working to implement additional safeguards and continue to provide training to our employees on data privacy and security.

Bayview is also notifying patients who may be affected by this incident. In this notice, Bayview is offering 12 months of credit monitoring and identity restoration services through Kroll at no cost to patients.

What You Can Do:Affected patients should review the notice letter they received, which contains information on what they can do to help protect themselves against the possibility of identity theft and fraud. They may also enroll in the free credit monitoring and identity theft protection services Bayview is offering.

For More Information: We sincerely regret any inconvenience or concern this incident may have caused. Should you have any questions about the content of this notice or ways you can better protect yourself from the possibility of identity theft, please call 866-775-4209 between 8:00 am and 5:00 pm CT, Monday through Friday, excluding major holidays.

SOURCE Bayview Dental

Related Posts:

  • Court Dismisses Minnesota AG's HIPAA…
  • OCR Issues Proposed Modifications to HIPAA Privacy…
  • 2016: Healthcare data breaches in review, Part 1
  • Ohio dental insurance carrier disclosed breach…
  • 2022 Mid-Year Healthcare Data Breach Deep Dive -- Protenus

Post navigation

← AZ: Camp Verde Unified School District hit with ransomware attack as school year starts
Lazarus group behind recent cyberattack on South Africa – Kaspersky →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach
  • Russian hackers exploiting Outlook bug to hijack Exchange accounts
  • Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
  • 23andMe data breach: Hackers accessed data of 6.9 million users

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net