25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

11,639 Individuals Impacted by Riverplace Counseling Center Malware Attack

Posted By on Apr 18, 2019

Riverplace Counseling Center in Anoka, MN, has discovered malware has been installed on its systems which may have allowed unauthorized individuals to gain access to patients’ protected health information.

The malware infection was discovered on January 20, 2019. The counseling center engaged an IT firm to conduct a forensic analysis, remove the malware, and restore its systems from backups. The analysis was completed on February 18, 2019.

The IT firm did not find evidence that suggested patient information had been subjected to unauthorized access or had been copied, but data access and PHI theft could not be totally ruled out.

The types on information stored on the affected systems included names, addresses, dates of birth, health insurance information, Social Security numbers, and treatment information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Affected individuals were notified about the data breach on April 11, 2019 and have been offered identity theft monitoring services via Kroll for 12 months at no cost. No reports have been received to date to suggest any patients’ PHI has been misused.

Riverplace Counseling Center has not publicly disclosed what type of malware was involved, nor how the malware was installed on its systems.

To improve security and reduce the risk of further malware attacks, Riverplace Counseling Center has installed spam filters, upgraded its antivirus software and firewalls, and has provided further training to employees to help them identify unauthorized access.

The counseling center has also consulted with a cybersecurity firm which is providing recommendations on new system-wide policies and procedures to further enhance security.

According to the breach summary on the Department of Health and Human Services’ Office for Civil Rights website, up to 11,639 patients’ PHI was potentially compromised.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist