Stockdale Radiology and Affordacare Urgent Care Clinics Report Ransomware Attacks

Stockdale Radiology in California has revealed that patient data has been impacted due to a ransomware attack thsat occurred on January 17, 2020.

An internal review confirmed that the hackers obtained access to patients’ first and last names, addresses, refund logs, and personal health information, including doctor’s notes. Stockdale Radiology said a small number of patient files were publicly exposed by the hackers.  Stockdale Radiology also saw that, on January 29, 2020, that additional patient information may have been accessed, but has not been publicly shared.

Systems were quickly closed off to prevent any further unauthorized data access and a third-party computer forensics firm was engaged to look into the breach and determine how access was obtained and who was impacted. The FBI was made aware of the attack and arrived at Stockdale Radiology within 30 minutes. The FBI investigation into the breach is still current.

Stockdale Radiology has now carried out a review of internal data management and its security measure and has taken steps to improve cybersecurity to prevent further attacks going forward.

According to the breach report published on the HHS’ Office for Civil Rights website, 10,700 patients were impacted by the breach.

Elsewhere in Abilene, TX-based, Affordacare Urgent Care Clinics has started advising patients that some of their protected health information may have been infiltrated due to a ransomware attack. The attack was identified on February 4, 2020 and is thought to have begun on or around February 1, 2020.

A review of the breach revealed the cybercriminals obtained access to its servers and deployed Maze ransomware. Before deploying the ransomware, the attackers took patient information. Some of that data has been publicly shared.

The range of data on the infiltrated servers included names, addresses, telephone numbers, ages, dates of birth, visit dates, visit locations, reasons for visits, health insurance provider names, health insurance policy numbers, insurance group numbers, treatment codes and descriptions, and healthcare provider remarks.  No financial data, electronic health records, or Social Security numbers were impacted.

Impacted individuals have been offered free credit monitoring, identity theft protection, and identity recovery services.