Malware Attack Reported by Minnesota Infertility Clinic

Malware has been installed on the network of Reproductive Medicine and Infertility Associates: A Woodbury, MN, infertility clinic.

While no evidence was uncovered to suggest any patient information was accessed or exfiltrated by the malware, the possibility of a data breach could not be ruled out.

The malware attack was detected by the clinic on December 5, 2018 and a third-party computer forensics firm was hired to investigate and clean the malware from its systems. While the malware was successfully removed, it was not possible to determine exactly how it was installed on the network.

Information stored on systems potentially accessible by the malware included names, dates of birth, addresses, treatment information, health insurance information, and donors’ Social Security numbers.

All individuals whose PHI was exposed were notified about the incident on February 1, 2019. As a precaution against fraud, all individuals affected by the breach have been offered complimentary identity theft monitoring services.

Anti-malware defenses have now been improved, which include an additional firewall, extra layers of security, and further training for employees on data security.

Server Stolen from Waco Dental Clinic

Stonehaven Dental, an operator of two dental practices in Waco and Harker Heights, TX, has announced that thieves broke into its Waco clinic and stole a computer server that contained patient information.

All data on the server had been backed up via a cloud storage service and could be restored. The server was protected with two layers of password-security, but patient data was not encrypted.

The server contained patients’ names, telephone numbers, addresses, dates of birth, medical records, medical record numbers, health insurance information, and for some patients, Social Security and Driver’s license numbers.

While data access is unlikely, it is possible that the passwords could be cracked. Consequently, the decision was taken to offer affected patients complimentary identity theft protection services.

Affected patients were notified about the incident on January 22, 2019. The HHS’ Office for Civil Rights has also been informed. The breach summary on the OCR website indicates 6,289 patients’ information was stored on the stolen server.

Physical security at Stonehaven Dental offices has now been strengthened and all devices containing patient information are now encrypted.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.