[BreachExchange] Backup data aids Jones Eye Clinic in rebound from ransomware

Destry Winant destry at riskbasedsecurity.com
Mon Oct 29 22:29:24 EDT 2018


Jones Eye Clinic and its affiliated surgery center were victimized by a
ransomware attack, but were able to recover with timely use of backup

The clinic and its CJ Elmwood Partners surgery center—together
operating three sites serving parts of Iowa and South Dakota—are
recovering from the attack, which affected as many as 40,000

On August 23, the practices discovered that the computer network was
locked with ransomware, and they received a payment demand to unlock the

“That same day, we restored our data using backup information and
ended the attack without paying the ransom amount,” according to the
practice. “However, while our systems were under attack, there is the
possibility that the attackers could have gained unauthorized access
to protected health information of patients of both Jones Eye Clinic
and the Surgery Center.”

The practice hired a computer forensic specialist and called the FBI.
The investigation found the virus was loaded one day earlier, and
during overnight hours, the attackers would have had the ability to
access patient data in the billing and scheduling software. The attack
did not affect the provider’s electronic health records system.

Compromised data in the billing and scheduling systems included full
names, addresses, dates of birth, dates of services, medical record
numbers, insurance status, claims information, Social Security
numbers, and descriptions of visits and surgeries. Bank account and
credit card information were not affected. “We engaged multiple
information technology companies to assist with restoring our systems
and deploying new technology to prevent future intrusions,” according
to the notice.

The practices are offering affected patients credit monitoring
services for one year; they encouraged patients to place fraud alerts on
credit files to make it more difficult for someone to get credit under
an individual’s name.

More information on the attack was not available.
