Los Angeles-based St. John's Well Child and Family Center began notifying 29,030 patients of a data breach that disrupted access to its systems, according to an April 29 notification letter.
Six details:
- On Feb. 3, the clinic experienced a data breach that disrupted access to its systems and attacked its network, but it is unclear if the system was hit with ransomware.
- When the clinic learned of the breach, it began to take steps to secure its network and launched an investigation with cybersecurity experts.
- The investigation revealed that protected health information may have been accessed or acquired during the incident.
- On March 25, the investigation determined current and former patients' names and Social Security numbers may have been compromised.
- St. John's is offering those affected identity protection services through IDX, a data security and recovery expert, which includes cyber-scan monitoring, a $1 million insurance reimbursement policy and identity theft recovery services.
- St. John's has been the medical administrator of COVID-19 vaccines and tests at several sites recently, including clinics at schools, churches and civic centers in the Los Angeles area, according to CBSLA. It's unclear if the compromised information came from any of those recent vaccination or testing events.