23,500 Patients Impacted by Connecticut Eye Clinic Ransomware Attack

Dr. DeLuca Dr. Marciano & Associates, P.C., a primary eye care clinic in Prospect, CT, has experienced a ransomware attack that has resulted in the encryption of files containing patients’ protected health information.

The attack occurred on November 29, 2018. Prompt action was taken to shut down the network to prevent the spread of the infection, but it was not possible to stop the encryption of files on two servers used to store patient-related files. A ransom demand was received but no payment was made. The encrypted files were successfully restored from backups.

An investigation of the breach revealed that the two servers affected by the attack contained patient files that included information such as patient names, Social Security numbers, and some treatment information.

Dr. DeLuca Dr. Marciano & Associates has taken steps to prevent further cyberattacks, which include closing remote access to the network, implementing technical solutions to protect against ransomware, and enhancing its anti-virus software.

While there is no indication that patient information was accessed or stolen, all individuals whose protected health information was potentially compromised have been notified by mail and, out of an abundance of caution, offered complimentary credit monitoring and identity theft protection services.

The ransomware attack has been reported to all appropriate authorities. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR) indicates 23,578 patients have been affected by the breach.

Patients’ PHI Potentially Accessed in Chaplaincy Health Care Phishing Attack

Chaplaincy Health Care, a not-for-profit provider of hospice, behavioral health, palliative care, and chaplain services in the tri-cities area of southeast Washington, has discovered an unauthorized individual has gained access to the email account of an employee and potentially viewed patients’ protected health information.

The breach was detected on November 20, 2018 – The same day that the account was breached. Assisted by a third-party computer forensics firm, Chaplaincy Health Care determined that an unknown individual gained access to a single email account for a period of around 4 hours.

Emails in the account contained patients’ names, home addresses, dates of birth, medical record numbers, prescription information, dates of service, and the last four digits of Social Security numbers.

Breach notification letters were sent to affected individuals on January 3, 2019. Complimentary credit monitoring and identity theft protection services have been offered to breach victims.

The breach has prompted Chaplaincy Health Care to provide further training on email security to employees. 2-factor authentication has also been implemented to protect against unauthorized account access.

The breach report submitted to OCR indicates the PHI of 1,086 patients was potentially accessed.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.