25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Shingle Springs Health and Wellness Center Ransomware Attack Impacts 21,000 Patients

Posted By on Jun 19, 2019

Shingle Springs Health and Wellness Center (SSHWC) in Placerville, CA, is notifying 21,513 patients that protected health information (PHI) was potentially compromised as a result of a recent ransomware attack.

SSHWC learned on April 7, 2019 that its server infrastructure had been compromised and ransomware had been deployed. As a result of the attack, all computer systems were rendered inoperable and access to patient data and essential files was blocked.

An investigation was immediately launched and the cyberattack was reported to the Federal Bureau of Investigation and the Indian Health Service. SSHWC has now installed new servers and is fast-tracking system upgrades and workstation updates across all departments.

The ransomware attack is believed to have been conducted to extort money from SSHWC; however, files containing PHI were involved in the breach and could potentially have been compromised. Those files contained names, addresses, telephone numbers, Social Security numbers, health insurance information, provider names, dates of service, amount paid or owed, and diagnosis codes.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

SSHWC is offering all affected patients 12 months of complimentary credit monitoring services.

This is the third major healthcare ransomware attack to have been reported in the past few days. Estes Park Health experienced a ransomware attack on June 2, 2019, which prevented computer systems and patient data from being accessed. An undisclosed ransom was paid for the keys to decrypt files, but some files remained locked. The attackers demanded further payment to unlock the remaining files.

Boardman, OH-based N.E.O Urology has also recently announced it has suffered a ransomware attack. The decision was taken to pay the $75,000 ransom and all files have now been recovered.

These are just three of several ransomware attacks to have been reported by healthcare organizations in the past two months. As a recent report from Malwarebytes confirms, ransomware is proving popular with hackers once again. In Q1, 2019, ransomware attacks increased by 195% and healthcare organizations accounted for a large percentage of those attacks.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist