Minnesota Infertility Clinic Suffers Malware Attack

Malware has been downloaded to the network of Reproductive Medicine and Infertility Associates, an infertility clinic located in Woodbury, Minnesota.

While no proof was found to imply any patient information was accessed or exfiltrated by the malware, the chance of a data breach taking place could not be eliminated.

The malware attack was discovered by the infertility clinic on December 5, 2018 and an external computer forensics firm was contracted to investigate and clean the malware from its systems. While the malware was successfully deleted, it was not possible to deduce exactly how it was downloaded to the network.

Data stored on systems which may have be obtained by the malware included names, dates of birth, addresses, treatment information, health insurance information, and donors’ Social Security details.

All clients whose PHI was exposed were alerted about the incident on February 1, 2019. As a precaution against fraud, all individuals impacted by the breach have been offered free identity theft monitoring services.

Anti-malware defenses have now been enhanced, which incorporate an extra firewall, extra layers of security, and further training for staff on data security.

Waco Dental Clinic Server Stolen

Stonehaven Dental, which managers two dental practices in Waco and Harker Heights, TX, has revealed that thieves broke into its Waco clinic and stole a computer server that stored patient information.

All data stored on the server had been backed up via a cloud storage service and could be rescued. The server had two layers of password-security enabled. However, patient data was not encrypted.

The server included patients’ names, telephone numbers, addresses, dates of birth, medical histories, medical record numbers, health insurance information, and for a number of patients, Social Security and Driver’s license numbers.

While data access is improbable, it is possible that the passwords could be cracked. Due to this, the decision was taken to offer impacted patients free identity theft protection services.

Impacted patients were alerted regarding the incident on January 22, 2019. The HHS’ Office for Civil Rights has also been made aware of the incident. The breach summary on the OCR website stated that 6,289 patients’ information was stored on the stolen server.

Physical security at Stonehaven Dental offices has now been enhanced and all devices storing patient information have been encrypted.

Author: Maria Perez