Healthcare entities continue to be targeted: eye care provider in Ohio hit with ransomware, dental practice in Minnesota reports cyberattack

I wonder if HHS will need to take on more staff to deal with all the HIPAA breaches being disclosed this year.  In July alone, this blogger logged approximately 65 reports on my worksheet, although a number of them were all reporting on a few business associate breaches.  In any event, there are a lot of reports to wade through each month. Here are two more that were disclosed over the past 48 hours:

Eye Care Associates describes themselves as a fully integrated regional eye care provider serving a three-county area in Northeastern Ohio.  Andrea Wood of Business Journal Daily reports that they were hit by ransomware:

Eye Care Associates Inc., the largest ophthalmology and optometry practice in the region, was the victim of a ransomware attack two weeks ago that locked – and still locks – its computer systems.

As of this posting, the computer system is still down, although operations should be fully restored in “the next day or two,” Mary Jo Sierra, director of operators, said Tuesday.

No patient data or other sensitive information was stolen, she emphasized.

Of course, “stolen” is only one risk with an attack. Were the data corrupted or made unusable which would impact patient care? In this case, the provider had a usable backup of data (good for them!), but their ability to book patient appointments for a few weeks sounded pretty impaired or compromised. Read more on Business Journal Daily.

While Eye Care Associates worked on recovery in Ohio, a Minnesota dental practice has been dealing with the aftermath of some external attack that is not clearly specified in their press release (below). I could not really figure out what they were describing, but haven’t had time to call them to ask. Maybe one of the other sites that covers HIPAA breaches will get the details on this one.

NORTH BRANCH, Minn.Aug. 13, 2019/PRNewswire/ — Bayview Dental (“Bayview”) recently discovered an event that may affect the security of certain patients’ personal information. This notice contains information about the incident, actions Bayview is taking in response, and suggested steps that potentially impacted patients can take to monitor their information and protect themselves against the possibility of identity theft and fraud, should they feel it is appropriate.

What Happened: On May 28, 2019, Bayview became aware of unusual activity on its servers. Bayview immediately launched an investigation, with the aid of forensic experts, to determine the nature and scope of the activity. On July 4, 2019, Bayview learned that an unauthorized actor potentially had access to the servers, and through that, to certain personal information. We are unable to confirm whether the information was subject to unauthorized access, but because the possibility exists, out of an abundance of caution we provided potentially impacted individuals with notice. We are unaware of any attempted or actual misuse of the information. We also reported the incident to the relevant regulators.

What Information Was Involved:Though the investigation is ongoing, Bayview has determined that the information that may have included patient names, addresses, phone numbers, dates of birth, dental insurance information, medical/dental history information and potentially Social Security numbers. We are unaware of any attempted or actual misuse of the information.

What We Are Doing>:The privacy and security of patient information is of paramount importance to Bayview. Upon learning of this incident, we immediately secured the impacted servers and began working to implement additional safeguards and continue to provide training to our employees on data privacy and security.

Bayview is also notifying patients who may be affected by this incident. In this notice, Bayview is offering 12 months of credit monitoring and identity restoration services through Kroll at no cost to patients.

What You Can Do:Affected patients should review the notice letter they received, which contains information on what they can do to help protect themselves against the possibility of identity theft and fraud. They may also enroll in the free credit monitoring and identity theft protection services Bayview is offering.

For More Information: We sincerely regret any inconvenience or concern this incident may have caused. Should you have any questions about the content of this notice or ways you can better protect yourself from the possibility of identity theft, please call 866-775-4209 between 8:00 am and 5:00 pm CT, Monday through Friday, excluding major holidays.

SOURCE Bayview Dental

About the author: Dissent

Comments are closed.