A Professional Dermatology Care ransomware attack has been reported to the Department of Health and Human Services’ Office for Civil Rights, in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Rules.
Cybercriminals from outside the United States gained access to a network server used by Professional Dermatology Care and installed ransomware. The ransomware encrypted a range of data including the protected health information of patients.
However, the criminals may also have viewed and copied patient data while they had access to the network server. Data potentially compromised in the attack include patient names, dates of birth, mailing addresses, Social Security Numbers, Medicare numbers, billing information and medical records. Access to the network server was gained on June 19, 2016, and financial and medical data were potentially accessible until June 27, when the breach was discovered.
While patient data may have been accessed, the Professional Dermatology Care ransomware attack is believed to have been conducted only to try to extort money from the company. The breach report does not mention whether the ransom was paid or whether data were recovered from a backup. The infection has now been removed and the incident has been reported to the FBI and the state Attorney General’s office.
13,237 patients are now being notified of the Professional Dermatology Care ransomware attack, as required by the HIPAA Breach Notification Rule. All affected individuals are being offered a year of identity theft protection and resolution services through All Clear. No misuse of patient data has been reported to date, although patients have been advised to be alert for fraudulent activity and instructed to monitor their accounts carefully.
According to the breach report, this is the first hacking incident to have occurred in 10 years of using electronic health records. In response to the Professional Dermatology Care ransomware attack, additional security protections have been put in place to prevent any further incidents. Those measures include a new firewall and anti-malware software.