The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack Potentially Impacts 128,000 Arkansas Patients

Posted By on Sep 28, 2017

Arkansas Oral Facial Surgery Center in Fayetteville has experienced a ransomware attack that has potentially impacted up to 128,000 of its patients.

Ransomware was believed to have been installed on its network between July 25 and 26, 2017. The attack was detected rapidly, although not before files, x-ray images, and documents had been encrypted. The incident did not result in the encryption of its patient database, except for a ‘relatively limited’ set of patients who data related to their recent visits encrypted. Those patients had visited the center for medical services in the three weeks prior to the ransomware attack.

The ransomware attack is still under investigation, although to date, no evidence of data theft has been found. Arkansas Oral Facial Surgery Center believes the sole purpose of the attack was to extort money, and not to steal data; however, it has not been possible to rule out data access or data theft with a high degree of certainty.

The files and images that were potentially accessed included information such as names, addresses, dates of birth, Social Security numbers, health insurance details, medical diagnoses, health conditions, treatment information and other clinical information. The ransomware attack has also rendered files, medical images and details of visits unavailable.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Since sensitive protected health information has potentially been accessed, patients are now being notified of the breach by mail. All impacted individuals have been offered identity repair and credit monitoring services through AllClear ID for 12 months without charge.

Arkansas Oral Facial Surgery Center has warned patients to be alert for phishing attacks in the wake of the breach and has confirmed it would not request any personal information via the telephone or email in relation to the breach. If any calls or emails are received, patients should exercise caution and treat them as potential phishing scams.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist