25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Almost 10,000 Patients Impacted by Nebraska Ransomware Attack

Posted By on Dec 21, 2017

Columbus Surgery Center, LLC and Eye Physicians, P.C., in Columbus, Nebraska have experienced a ransomware attack that has potentially resulted in the protected health information of almost 10,000 patients being accessed by the attackers.

The ransomware attack occurred on October 7, 2017 and saw a wide range of files on some servers being encrypted by the ransomware. A ransom demand was issued by the attackers, although it was not paid. The encrypted files were restored from a recent backup to allow services to be continued to be offered to patients.

Third-party computer forensics professionals were called in to assist with the investigation of the attack to determine whether the attackers gained access to, viewed, or copied patient information and to investigate how access to the servers was gained and how the ransomware was installed.

The investigation did not uncover evidence to suggest any patient health information was stolen, but data access could not be ruled out with a high degree of confidence. Consequently, the incident was reportable to the Department of Health and Human Services’ Office for Civil Rights under HIPAA Rules and notifications to patients were warranted. Those notifications have now been mailed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Eye Physicians reports that the breach involved information such as names, dates of birth, and ophthalmic imagery, and that no financial information or Social Security numbers were exposed.

As a result of the attack, an external IT security consultant was contracted to conduct a comprehensive security risk assessment to identify potential vulnerabilities, and hardware and software have been upgraded as a result of that assessment. It is hoped that the improvements to security will help to prevent similar incidents from occurring in the future.

The incident affected 7,721 patients of the Columbus Surgery Center and 2,620 patients of Eye Physicians, according to the breach reports submitted to OCR.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist