The National Capital Poison Center in Washington, D.C., is notifying an undisclosed number of individuals following a ransomware attack that may have enabled an unauthorized third party to access a database containing information on calls to and from the center dating back to January 1997.
NCPC discovered in October it had fallen victim to a ransomware attack. By Nov. 27, the on-going investigation determined an unauthorized third party had obtained access to a database server Oct. 21. The database contained information provided during calls to and from the center dating back to 1997.
NCPC has not received any reports of attempted or actual misuse of this information, which included: caller name, the name of a person possibly exposed to a poisonous substance and his or her date of birth, address and telephone number, information about the exposure and clinical course, recommendations provided to the caller, caller's email address, and if applicable, treating facility name and medical record number.
The center will mail letters to those individuals with confirmed mailing addresses and who reside in states affording protection to the type of information contained in the database. It has established a dedicated assistance line to address individuals' questions and concerns, but advises anyone who believes they may be affected to contact one of the three main credit monitoring bureaus or place a security freeze on their credit.
More articles on cybersecurity:
Oklahoma health department notifies 47k after data breach
Portland officials claim rules weren't broken when they shared personal data of 200 HIV patients
More than 4 in 5 physicians have experienced a cyberattack: 10 survey insights