PHI Potentially Compromised in Ransomware Attacks on Eye Center and Law Firm

Francisco J. Pabalan MD has reported a ransomware attack that has affected up to 50,000 patients of the Pabalan Eye Center in Riverside, CA.

The ransomware attack was discovered on March 3, 2021, with the investigation confirming the attack commenced on March 1. The attackers encrypted files on computers and servers that prevented access and patient data was ransomed. All affected computers and servers had been backed up prior to the attack, so it was possible to recover the encrypted data without having to pay the ransom.

The investigation found no evidence of data theft, with the attack appearing to only have been conducted to cause disruption to services in order to extort money from the practice. Following the attack, all computers and servers were formatted prior to operating systems and software being reinstalled, and patient data were then restored from backups.

Additional security measures have been implemented, including new anti-virus and anti-ransomware software, new data encryption technology, and a new Security Rule Risk Management Plan has been developed and put in place. New technical safeguards were introduced to bolster security, including new, secure VPN protected connections to servers, updated password policies, and additional training has been provided to the workforce to aid with the identification of security threats. Moving forward, periodic technical and nontechnical evaluations and updates will be conducted.

While it does not appear that financial information was obtained by the attackers, all affected patients have been advised to be vigilant and monitor their account statements and for any signs of identity theft or fraud. Protected health information potentially compromised in the incident includes scanned insurance forms, exam findings, imaging, diagnostic testing, and scanned past medical records.

Ransomware Attack Reported by Campbell, Conroy, O’Neill Law Firm

The Boston, MA-based law firm, Campbell, Conroy, O’Neill, has announced it suffered a ransomware attack on or around February 27, 2021.

The attackers encrypted certain files on its systems which prevented access, with the investigation suggesting the attacker had accessed files containing sensitive information in the attack. It was not possible to determine whether the threat actor viewed or obtained specific information relating to individuals.

The types of data in the files varied from individual to individual and included one or more of the following data elements: Names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and online account credentials such as usernames and passwords.

Campbell, Conroy, O’Neill has conducted a review of policies and procedures and additional safeguards are being implemented to prevent further attacks. Individuals whose Social Security number was potentially compromised in the incident have been offered a complimentary 2-year membership to credit monitoring, fraud consultation, and identity theft restoration services.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.