KY: Estill County Chiropractic notifies 5,335 patients of ransomware attack
March 17 –
On January 17, 2017, Estill County Chiropractic (“ECC”) discovered that an unauthorized user installed malicious software on its computer system that encrypted patient files. ECC immediately shut down the system. Although ECC was already taking security precautions, ECC replaced the system and included additional security measures.
ECC worked diligently to restore files that contained patients’ health information, and also hired a computer consultant to help determine how this event happened. ECC believes there were initial instances of unauthorized access to its system beginning January 6, 2017, ending with the encryption of files on January 17, 2017.
While ECC’s computer consultant’s investigation did not indicate that patient information was actually taken or viewed, ECC also cannot entirely rule this out. The types of information that may have been viewed during this time frame include patient names, email addresses, phone numbers, addresses, dates of birth, Social Security numbers, clinical information, provider notes, diagnosis information, claims, and health plan numbers.
ECC has arranged with Equifax Personal Solutions to offer patients who may be impacted credit monitoring at no cost to the patient for a period of one year. Those patients will receive a letter with information on how to enroll in the credit monitoring offer.
Read more of their notification on their web site.