Minnesota Infertility Clinic Malware Attack and Waco Dental Clinic Server Theft

The Reproductive Medicine and Infertility Associates network was infected by malware, according to an infertility clinic in Woodbury, MN. Although there’s no proof found that suggest access to or exfiltration of any patient information by the malware. it cannot be ruled out that there’s no data breach.

The clinic detected the malware attack on December 5, 2018. A third-party computer forensics company investigated the incident and removed the malware from the infected systems. Although the malware is gone, how it was installed on the network in the first place is still not known.

The malware could have accessed the information stored on the systems which included names, birth dates, addresses, treatment data, medical insurance details, and Social Security numbers of donors.

The infertility clinic already notified all persons whose PHI was compromised by the incident on February 1, 2019. To protect against potential fraud, all people impacted by the breach received offers of free identity theft monitoring services.

The anti-malware solution of the system has been improved by including an extra firewall, more levels of security, and additional employee training on data security.

Another data breach news involves Stonehaven Dental, which operates two dental practices in Harker Heights and Waco, TX. Thieves broke into the Stonehaven Dental clinic in Waco and took a computer server containing patient data.

All information on the server had backups thanks to a cloud storage service and can be recovered. The patient records in the server were not encrypted, though the server was protected by two tiers of password-security.

The information of patients such as names, phone numbers, addresses, birth dates, health records, medical record numbers, medical insurance details are included in the server. The Social Security and Driver’s license numbers of a number of patients were also compromised.

Though access to the data is unlikely, it is still possible to crack the passwords. Hence, the clinic decided to offer the affected patients with free identity theft protection services.

The clinic notified all affected patients about the breach on January 22, 2019. The HHS’ Office for Civil Rights was already notified, in fact, OCR already published the incident on the breach summary page of OCR’s website indicating 6,289 patients were affected by the stolen server.

Stonehaven Dental offices improved the physical security of its clinics and encrypted all devices that contain patient data.