A "sophisticated criminal cyberattack" may have breached the data of 559,000 patients at Murfreesboro (Tenn.) Medical Clinic & SurgiCenter, the healthcare provider said.
The April hack caused the medical center to shut down for about a week and completely rebuild its IT systems. Murfreesboro Medical said in a June notice that a "well-known cyber extortion operation" had infiltrated its network April 22.
"We did not pay a ransom," Joey Peay, CEO of the physician-owned, for-profit center, told the Murfreesboro Daily News Journal in June. "We're not going to. We refused to engage with them. Law enforcement and [legal] counsel advised us not to. It's the principle of the matter."
Ransomware group BianLian claimed responsibility for the hack, posting that it had 250 gigabytes of the medical center's data before removing the post, DataBreaches.net reported July 3.
Murfreesboro Medical notified HHS that 559,000 individuals were affected by the breach, according to a July posting on the government website. The data may have included names, dates of birth, Social Security numbers, dependent information, medical tests and diagnoses. The medical center said its operations have been fully restored and that it has no evidence that any data was stolen.