On Jan. 8, the vendor informed the Jefferson, S.C.-based practice that it had experienced a ransomware attack. Cyberattackers used compromised credentials to access the vendor’s system Sept. 23, 2020.
The attackers accessed Sandhills’ system on Nov. 15 and extracted Sandhills’ data before the ransomware attack was launched on Dec. 3.
Sandhill determined Social Security numbers, driver’s license numbers and birth dates were among information that was affected. Medical records, bank account numbers and credit card numbers were not affected. The vendor paid the ransom and was assured copies of the patient data were deleted.
More articles on cybersecurity:
Texas Medicaid subcontractor dumped after data breach
Pittsburgh hospital employee inappropriately disclosed patient health information, UPMC says
65,000 Humana members’ information exposed in wrongful records access incidents