Missouri family practice warns 45K patients of breach after ransomware attack

Blue Springs (Mo.) Family Care is notifying 44,979 patients that their protected health information may have been compromised when the practice's computer system was infected with ransomware in May.

The clinic's computer vendor discovered May 12 that an unauthorized third party had broken into the Blue Springs computer system and loaded numerous malware programs, including "the encryption program responsible for the ransomware attack," Blue Springs' notification reads.

While Blue Springs doesn't have any evidence the stolen information has been misused, an investigation into the breach concluded the hackers were able to access all of the clinic's computer systems. Patients' names, addresses, dates of birth, Social Security numbers, account numbers, driver's license numbers, medical diagnoses and disability codes held in the computer systems may have been compromised.

In response to the incident, Blue Springs has deployed a new firewall and is transitioning to a new, unnamed EHR vendor that will encrypt all of its patients' PHI. The clinic recommended all affected individuals place a fraud alert on their credit reports and monitor their reports for suspicious activity.

"We are keenly aware of how important your personal information is to you, and we understand that this situation may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred," the statement reads.  

More articles on cybersecurity:

700K paper records breached in 2018 — More than half attributed to 1 break-in
New Google Cloud partnership bolsters data security for health IT developers
1.2K patients may receive up to $150K in settlements after Flowers Hospital data breach

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers