
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Details Emerge on Laser Dermatologic Surgery Center Data Breach

Laser & Dermatologic Surgery Center reported a data breach to the Office for Civil Rights (OCR) on June 14, 2016 that impacted 31,000 patients. The nature of the breach was initially unclear, although further details have now emerged.

Laser & Dermatologic Surgery Center has recently changed ownership. Prior to the new owners taking over the company, the healthcare provider experienced a ransomware infection. All data were backed up, and it was possible to restore all affected files from backups without paying the ransom demand.

However, the new owners’ IT department discovered that while the ransomware infection had been addressed, malware was present on its system. It is not clear whether the malware was installed by the same individuals responsible for the ransomware attack.

On March 21, 2016, after a review of access logs was conducted, it was also discovered that an unauthorized individual had gained access to the healthcare provider’s network. The first intrusion was determined to have taken place on March 1, 2016.

While no evidence was discovered to suggest that the protected health information of patients had been accessed, the possibility that ePHI had been accessed could not be ruled out. Patient names, dates of birth, home addresses, and Social Security numbers could all potentially have been accessed. The individual was discovered to have gained access to the system on several occasions.

Upon discovery of the intrusion, systems were taken offline to prevent further access while IT professionals worked to restore the security of the system. A forensic analysis was also conducted to try to determine the origin of the attack. All systems have now been secured, the malware has been removed, and external access is no longer possible.

Additional security protections have now been put in place to prevent further security breaches of this nature. Patients were alerted to the potential breach of their ePHI on June 12, 2016.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
