Ransomware Attack Potentially Impacts 128,000 Arkansas Patients
Arkansas Oral Facial Surgery Center in Fayetteville has experienced a ransomware attack that has potentially impacted up to 128,000 of its patients.
Ransomware was believed to have been installed on its network between July 25 and 26, 2017. The attack was detected rapidly, although not before files, x-ray images, and documents had been encrypted. The incident did not result in the encryption of its patient database, except for a ‘relatively limited’ set of patients whose data related to their recent visits was encrypted. Those patients had visited the center for medical services in the three weeks prior to the ransomware attack.
The ransomware attack is still under investigation, although to date, no evidence of data theft has been found. Arkansas Oral Facial Surgery Center believes the sole purpose of the attack was to extort money, and not to steal data; however, it has not been possible to rule out data access or data theft with a high degree of certainty.
The files and images that were potentially accessed included information such as names, addresses, dates of birth, Social Security numbers, health insurance details, medical diagnoses, health conditions, treatment information and other clinical information. The ransomware attack has also rendered files, medical images and details of visits unavailable.
Since sensitive protected health information has potentially been accessed, patients are now being notified of the breach by mail. All impacted individuals have been offered identity repair and credit monitoring services through AllClear ID for 12 months without charge.
Arkansas Oral Facial Surgery Center has warned patients to be alert for phishing attacks in the wake of the breach and has confirmed it would not request any personal information via the telephone or email in relation to the breach. If any calls or emails are received, patients should exercise caution and treat them as potential phishing scams.