Ransomware attack on mailing service exposes info of 20,000+ Oregon clinic patients 

Salem (Ore.) Clinic and the Oregon Heart Center in Salem began notifying patients Jan. 19 that their protected health information was exposed during a May 2019 ransomware attack targeting their mailing service provider. 

In a Jan. 19 notice from Metro Presort, the Portland-based printing and mailing processing business said the breach affected 20,928 patients from Salem Clinic and 3,172 patients from Oregon Heart Center. Some of the patient data exposed included only names and addresses, but other patients' records included health plan identification numbers and treatment information as well. 

The ransomware attack involved Ryuk malware, which hackers used to infect Metro Presort's computer servers from May 6-15, 2019, and then demand payment to unlock the servers and information. This made data stored on the servers unusable; Metro Presort said it did not pay the ransom. 

At the time of the attack, Metro Presort was processing mailings for 21 healthcare organizations, ranging from marketing materials to statements and invoices. HHS' Office for Civil Rights investigated the breach and on Dec. 31, 2020, ruled that there were no violations of HIPAA. 

More articles on cybersecurity: 
Cyberattack knocks county health department's IT systems offline in northern Washington
OCR lifts HIPAA penalties for COVID-19 vaccine scheduling apps: 5 details
Texas health system cyber attack exposes patients' personal info: 4 details

 

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.