A chiropractic clinic in Ann Arbor, Mich., has reported a data breach after learning a server containing patient treatment and billing information was infected with malware.
Complete Chiropractic & Bodywork Therapies learned of the server compromise on March 19. In addition to treatment and billing information, the server contained electronic medical record data, including names, birth dates, addresses, Social Security numbers and health and diagnosis information, according to the clinic's breach notice, which mentions the EMR data is encrypted.
"There is no indication that this information was actually taken or inappropriately used — only that there was an opportunity to do the same," according to the notice.
CCBT notified 4,082 patients of the potential breach, reports HIPAA Journal.
CCBT discovered the malware after experiencing a server malfunction. The clinic disconnected the server from the Internet, changed workstation and vendor passwords and added IT security safeguards after learning of the server malfunction. An investigation by IT forensic experts determined the server malfunction was likely caused by a malware infection and that unauthorized users first accessed the server Nov. 19.
"We are taking this matter very seriously and are working hard to make sure this does not happen again," according to the breach notice.