California Ransomware Attack Affects 85,000 Patients

by

Patients of the Center for Orthopaedic Specialists are being notified because unauthorized individuals potentially accessed some of their protected health information (PHI) when ransomware was installed on its network.  The ransomware attack affected the three facilities of the Center for Orthopaedic Specialists located in Simi Valley, West Hills and Westlake Village in California. Databreaches.net reported that 85,000 patients were potentially impacted.

The IT vendor of the Center for Orthopaedic Specialists informed them that an unauthorized individual started its attempt to gain access to its network on February 18, 2018. He was successful and was able to install ransomware, which encrypted a lot of files that contained the PHI of patients. Information that were encrypted by the ransomware included patients’ names, details of patients’ information, birth dates and Social Security numbers.

The IT vendor took prompt action to limit the potential harm the ransomware may cause. They took the affected system offline quickly to avoid any exfiltration of data. According to the breach investigation, there’s no evidence uncovered that would suggest the individuals responsible for the attack viewed or copied the patients’ protected health information. But the investigators cannot rule out data theft with 100% certainty. As a safety precaution, the Center notified all the patients whose PHI was encrypted by the ransomware so that they can take extra precaution and watch out for signs of identity theft and fraud.

Although the likelihood of data theft is low, the Center for Orthopaedic Specialists is offering free identity theft protection and credit monitoring services for two years through ID Experts to all affected patients. On top of that, the patients get $1,000,000 protection by an insurance policy.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]