Patients of the Center for Orthopaedic Specialists are being notified because unauthorized individuals potentially accessed some of their protected health information (PHI) when ransomware was installed on its network. The ransomware attack affected the three facilities of the Center for Orthopaedic Specialists located in Simi Valley, West Hills and Westlake Village in California. Databreaches.net reported that 85,000 patients were potentially impacted.
The IT vendor of the Center for Orthopaedic Specialists informed them that an unauthorized individual started its attempt to gain access to its network on February 18, 2018. He was successful and was able to install ransomware, which encrypted a lot of files that contained the PHI of patients. Information that were encrypted by the ransomware included patients’ names, details of patients’ information, birth dates and Social Security numbers.
The IT vendor took prompt action to limit the potential harm the ransomware may cause. They took the affected system offline quickly to avoid any exfiltration of data. According to the breach investigation, there’s no evidence uncovered that would suggest the individuals responsible for the attack viewed or copied the patients’ protected health information. But the investigators cannot rule out data theft with 100% certainty. As a safety precaution, the Center notified all the patients whose PHI was encrypted by the ransomware so that they can take extra precaution and watch out for signs of identity theft and fraud.
Although the likelihood of data theft is low, the Center for Orthopaedic Specialists is offering free identity theft protection and credit monitoring services for two years through ID Experts to all affected patients. On top of that, the patients get $1,000,000 protection by an insurance policy.