Magnolia Pediatrics located in Prairieville, LA is informing 12,861 patients regarding the likely exposure of some of their protected health information (PHI) due to a ransomware attack that transpired on or around March 26, 2020.
IT vendor, LaCompuTech looked into the ransomware attack and confirmed that only its master boot record was impacted and the hackers did not access, encrypt or export any patient data. The IT vendor reported that there was no HIPAA breach, thus it is not required to report the incident to the HHS’ Office for Civil Rights. It is likewise not required to issue breach notification letters to patients.
Nevertheless, on September 11, 2020, OCR informed Magnolia Pediatrics that the security incident was reportable and sending notification letters to patients was necessary. OCR mentioned that any hacker who had accessed the master boot record must have had complete command of the server and so had access to any sensitive information located on that server.
The server contained these protected health information: the patients’ names, Social Security numbers, phone numbers, addresses, birth dates, health insurance details, health record numbers, and clinical data, like diagnoses, laboratory test findings, treating physicians’ names, prescription drugs, medical histories, and service dates.
Magnolia Pediatrics mentioned the investigation didn’t come across any proof that indicates the exfiltration or encryption of any patient data in the attack. Magnolia Pediatrics is taking action to boost security, such as the utilization of
- multi-factor authentication on its servers and networks
- advanced selection of email and traffic
- multiple intrusion blocking and detection systems
- thorough risk analysis and remediation process for its computer systems
The employees are given more cybersecurity awareness training. The dark web is being monitored for any email addresses linked with Magnolia Pediatrics.
Magnolia Pediatrics has cut its partnership with LaCompuTech and acquired a prominent information technology and security provider to supervise the security of its computer systems.
This is Magnolia Pediatrics’ 2nd ransomware attack in the past 14 months. The initial attack happened on August 23, 2019 and affected 11,100 individuals.
Ransomware Attack on Accents on Health
The chiropractor Accents on Health based in Lone Tree, CO experienced a ransomware attack on August 5, 2020 that saw the encryption of information stored on its computer systems. Cybersecurity forensics professionals investigated the breach to figure out if the attackers accessed or exfiltrated patient information.
There was no evidence discovered that suggests the exfiltration of patient data prior to the attack, nevertheless, data theft could not be eliminated. The breached computer systems included the following protected health information of 2,000 patients: full names, dates of birth, addresses, Social security numbers, account numbers, medical background, diagnosis codes, and insurance details.
There was no report gotten that indicate the misuse of PHI. Accents on Health is already reviewing its software program, systems, guidelines, and procedures and is going to employ more safety measures to avert even more cyberattacks.