PrairieVille is a Magnolia Pediatrics based in LA and is now notifying 12,861 of its patients that a ransomware attack has potentially compromised some of their protected health information around March 26th, 2020.
This sudden attack was first investigated by the companies IT vendor, LaCompuTech, which figured that only its master boot record had been affected and that private patient records had not been accessed, encrypted or exported by the cybercriminals, and also determining that a HIPPA breach did not occur and this incident being reported to the HHS’ Office for Civil Rights was not necessary and notification letters to parents were not sent out.
Magnolia Pediatrics has cut ties with LaCompuTech and has started a leading information technology and security provider to oversee the security of its own computer systems.
This is actually the second ransomware attacks to have targeted Magnolia Pediatrics in the past 14 months. The previous attack happened August 23rd 2019 and affected 11,100 of its patients.
However, OCR did tell Magnolia Pediatrics on September 11th 2020, that this attack was in fact a reportable data breach and patient notification letters were necessary. OCR stated that any and all hackers who had access to the master boot record will have full access of their server and all private health information stored on that server.
Protected health information stored on the server included patients’ names, addresses, telephone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, and clinical information, including diagnoses, lab test results, treating physicians’ names, medications, medical histories, and dates of service.
Magnolia Pediatrics stated their investigation uncovered absolutely no evidence to prove any patient data was stolen and no patient’s data was encrypted. They say they are taking many steps to improve security, including using multi-factor authentication on all their servers, improving filters for email and traffic, many intrusion prevention and detection systems and also a systemic risk analysis and remediation process has been added. Cybersecurity awareness programmes have been out in place for all employees of the company and the dark web is being monitored closely for any email addresses belonging to Magnolia Pediatrics.
Meanwhile, The Lone Tree CO-based chiropractor, Accents on Health, was attacked with ransomware on August 5th 2020 which caused its data to be encrypted.
Cyber Security Forensics Specialists were called in to investigate the encryption and find out if private patient data had been breached and stolen. However, they found no evidence to suggest this but data theft could still not be ruled out. The targeted computers had access to 2,000 patient’s files which included details like full names, addresses, date of birth , account numbers, social security numbers, medical information, diagnosis codes, and insurance information.
Nothing has suggested protected healthcare information has been misused. Accents on Health is currently reviewing and actively improving its systems, policies and software to prevent another malicious attack to occur again.