30,000 Patients Affected After Malware Corrupts Medical Records

On November 21, 2019, Fondren Orthopedic Group, an association of private orthopedic surgery practitioners located in Houston and the surrounding areas, were hit by a cyberattack that impacted specific elements of its IT system.

In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Swift action was taken to limit the infection and its systems were restored; however, the medical records corrupted by the malware could not be rescued and have been forever lost.

The corrupted records incorporated patients’ names, addresses, telephone numbers, health insurance data, and diagnosis and treatment details. All patients impacted by the incident were existing or former patients of Dr. K. Matthew Warnock.

Third party forensic investigators were hired to help out with the investigation and found no proof of unauthorized data access or data being downloaded illegally. Fondren Orthopedic Group is reviewing data security policies and procedures and will be bolstering its security protocols to improve resilience to malware attacks. Impacted patients have been notified and told that they will need to fill out new patient forms and supply details of their medical histories when they next visit Dr. Warnock.

The cyberattack has been made known to the HHS’ Office for Civil Rights. The breach summary indicates that almost 30,049 patients have been impacted.

Access Health CT Contacts 1,100 Clients in relation to Unspecified Data Breach

Access Health CT, the health insurance marketplace in Connecticut, has made contact with around 1,100 consumers that some of their protected health information was infiltrated in a data breach.

In its substitute breach notice, Access Health CT apologized for any inconvenience inflicted by the breach and said impacted individuals have been provided with free access to services to help them protect their personal data. The breach notice did not outline the nature of the breach, when it happened, nor the types of information that were impacted.

The notice say, “Several efforts to improve security are already in place, with longer-term initiatives planned regarding system changes and more frequent Information Technology (IT) security training to improve data protection and security awareness.”

Author: Maria Perez