The practice constantly backed up patient data and stored its backups securely, so it was possible to bring systems back online quickly and recover data without paying the ransom demand. Data theft is not suspected but the possibility could not be eliminated, so notification letters have been issued to all impacted patients. The range of data which could potentially have been accessed by the hacker included names, addresses, dates of birth, Social Security numbers, email addresses, and health data.
Andrews Braces has now configured extra security solutions and has taken other steps to harden security to stop more attacks going forward
Elsewhere, EVersana a supplier of global services to the life sciences sector, has revealed an unauthorized individual gained access to the email accounts of some of its staff members in 2019.
EVERSANA was notified about unusual activity in its employees’ accounts and found that the accounts had been accessed by an unauthorized person through a legacy technology environment. The investigation found that the accounts were accessed between April 1 and July 3, 2019.
The accounts included data from a small number of patient services programs. No proof of unauthorized data access was identified, but it is possible that the attacker(s) accessed the sensitive information of specific patients.
The breach has not yet been published the HHS’ Office for Civil Rights website, so it is currently unknown how many individuals have been impacted.