[BreachExchange] Cyber attack exposed information for 40, 000 patients of Sioux City vision clinic

Destry Winant destry at riskbasedsecurity.com
Wed Oct 24 23:03:35 EDT 2018


https://siouxcityjournal.com/news/local/cyber-attack-exposed-information-for-patients-of-sioux-city-vision/article_04bac729-e3ba-585f-8e9d-373d54601186.html

SIOUX CITY -- A cyber attack two months ago may have compromised
protected health data for about 40,000 patients of a Sioux City vision
practice.

The Jones Eye Clinic and CJ Elmwood Partners, L.P., an affiliated
surgery center, said the breach may have impacted patients who were
registered or had services at either location between Jan. 1, 2003 and
Aug. 23.

On the morning of Aug. 23, clinic officials discovered a ransomware
attack, according to a news release. Such online attacks lock data and
demand a payment for the information to be released. The same day, the
companies' computer systems were restored using backup information,
and the attack ended without any ransom payment being made. The firms
organized an investigation, hired a forensic computer investigator and
notified the FBI.

The investigation showed a ransomware virus was loaded on the
information system the evening of Aug. 22. The attackers would have
had the ability to access patient information contained in billing and
schedule software, though the attack did not impact electronic medical
records.

Patient information that was compromised includes full names,
addresses, dates of birth, dates of service, medical record numbers
and general descriptions of the clinic visit or surgery. Some
individuals' Social Security numbers, insurance status and claim
information also may have been affected, according to the news
release.

Other types of information, like bank account or credit card
information, likely were not affected. There has been no evidence that
the stolen information has been misused.

Jones Eye Clinic and the surgery center have informed patients of the
breach and given them information on how to avoid fraud. Until Jan.
19, the companies will pay for all affected individuals to enroll in
one year of free credit monitoring services.

Anyone with questions or concerns can call a confidential, toll-free
hotline staffed with professionals familiar with this incident who can
assist with questions and the steps impacted individuals can take to
protect against identity theft and fraud. Calls to the hotline,
877-299-1557, can be made from 8 a.m. to 8 p.m. Monday through Friday.


More information about the BreachExchange mailing list