The breach was discovered the same day and the network was safeguarded. An external computer forensics firm was contracted to assist with the investigation and help determine the nature and range of the breach.
The impacted servers did not include the medical records of all patients, only records of patients who received medical services between May 1, 2019 and June 12, 2019. The forensic review did not uncover any proof to suggest patient information was viewed or copied and no reports have been received to indicate patient information has been improperly used.
For most of the impacted patients, the breach was restricted to names, dates of birth, and clinical data. A small subset of patients also had their Social Security number accessed.
Patients whose Social Security number was exposed have been provided with free credit monitoring and identity theft protection services. RIENT is implementing extra technical safeguards to enhance its security posture and prevent similar attacks in the future.
In other news, the Hospice of San Joaquin in Stockton, CA has revealed that on July 2, 2019, hackers downloaded ransomware on its network and obtained access to servers hosting the protected health information of some of its patients.
While the hackers had access to patient data, the hospice does not believe any personal information has been accessed, stolen, or misused by the hackers.
Since unauthorized data access and theft could not be eliminated with a high degree of certainty, patients have been alerted about the breach. Individuals impacted by the breach had their full name exposed along with their home address, patient ID number, diagnoses, and other sensitive details.
The hospice has already put in place extra security measures to prevent other attacks like this happening going forward.