Sioux Falls-based Plastic Surgery Associates of South Dakota discovered a ransomware infection in February.
The center said it found ransomware on its computer systems on Feb. 12 and immediately hired third-party experts to investigate. The investigation found most patient records were not accessed, but was unable to determine the full scope of the attack.
The center concluded it could not determine whether a limited number of patient records had been accessed during the incident on or about April 24. The cyberattackers may have accessed patient information including names, Social Security numbers, driver's licenses or state ID numbers, credit card information, medical conditions, diagnosis information, lab results, addresses, dates of birth and insurance information.
Plastic Surgery Associates does not have evidence of any "actual or attempted misuse of patient information," but it is notifying nearly 10,200 patients of the breach, reports the Argus Leader. The center will offer affected patients free credit monitoring and identity theft protection services for one year.
Becker's reached out to Plastic Surgery Associates for comment. This story will be updated as more information becomes available.
More articles on health IT:
Erie County Medical Center estimates paying $10M to recover from ransomware attack: 5 things to know
Health systems unintentionally fax businessman PHI for 4 years