HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

24,000 Patients Impacted by New Jersey Ransomware Attack

Paramus, NJ-based orthopedic surgeon, Ronald Snyder, M.D., has learned that an office server containing patient billing information has been compromised and encrypted by ransomware.

The attack took place on January 9, 2019 and prevented office staff from accessing patient files. The server was backed up regularly so it was possible to quickly restore almost all files that had been rendered inaccessible without having to pay any ransom demand.

Third-party computer forensics consultants were brought in to assist with the investigation, but it was not possible to determine whether patient information had been accessed due to damage caused by the attack.

No evidence was uncovered to suggest the attack was conducted as part of an attempt to gain access to patient information, although it was not possible to rule out data access. Consequently, all patients affected by the breach have been notified by mail.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The following types of information were stored in files on the server: Names, addresses, dates of birth, genders, co-pay amounts, patient statuses, employment statuses, telephone numbers, email addresses and, for some patients, their insurance identification number, which may have been formed using a Social Security number.

Additional safeguards have since been implemented to prevent further unauthorized accessing of computer equipment.

The breach report on the HHS website, filed under the provider name Pediatric Orthopedic Specialties, PA, dba, ActivYouth Orthopaedics, indicates 24,176 patients have been affected by the breach.

Healthcare Clearinghouse Discovers PHI Exposure over Internet

Inmediata Health Group Corp, a provider of clearinghouse, software, and business process solutions, has announced that the medical information of some of its clients’ patients has been accidentally exposed online.
In January 2019, Inmediata discovered a webpage used internally by its employees had been misconfigured which allowed search engines to access and index the page. The information accessible through the webpage was limited to names, dates of birth, genders, and medical claims information. A very limited number of individuals also had their Social Security numbers exposed.

A computer forensics company assisted with the investigation and tried to determine whether the webpage and patient information had been accessed by unauthorized individuals. No evidence was uncovered to suggest the information was subjected to unauthorized access, but the possibility could not be ruled out.

All patients whose information was exposed were notified by mail on April 22, 2019. It is currently unclear how many patients have been affected and for how long their information was exposed online.

Gardner Family Health Network Discovers Unauthorized Individual Accessed Records Room

Gardner Family Health Network has alerted 5,064 patients about the discovery that an unauthorized individual gained has access to its optometry records room at its Gardner St. James clinic.

The unauthorized access was discovered on February 19, 2019. It is unclear why the room was accessed or what the individual did in the room, but it is possible the records of patients were viewed.

As a precaution, Gardner Family Health has notified all 5,064 patients whose records could potentially have been viewed. The types of information contained in the records was limited to names, addresses, dates of birth, phone numbers, medical record numbers, and appointment dates, times, and locations.

Gardner Family Health has improved physical security to prevent any similar breaches from occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.