After discovering the ransomware, FDIP tapped a cybersecurity firm to remove the malicious software and restore its data via backup files.
The cybersecurity firm was unable to determine whether any of the information had been viewed or removed from FDIP’s servers, but the cyberattack enabled hackers to access current and former patients’ names, dates of birth, home addresses, account numbers, diagnoses or other types of information. FDIP does not store any financial information.
“The cybersecurity firm cleansed FDIP’s computer systems, confirmed that no malware remained and implemented additional protections to help avoid any future incidents,” a notice on FDIP’s website states. “We do not expect that patients will experience any harm from this unauthorized disclosure, and there is no action patients need to take at this time.”
FDIP’s notice instructs patients who receive any suspicious communications or discover other activities they believe may be related to this event to inform FDIP immediately.
More articles on cybersecurity:
Insiders comprise more than half of cyberattackers in healthcare
How well-versed is your organization in HIPAA? This firm has a quiz to find out
New York nonprofit healthcare organization hit with $200K HIPAA fine
