Author: Joseph Goedert
Information Management, August 2016
Professional Dermatology Care in Reston, Va., is notifying about 13,237 patients after suffering a ransomware attack in June.
The practice discovered the breach on its network server on June 27; the attack turned out to be a ransomware incursion that encrypted patient data. “PDC believes the criminals’ motive was to extract money from the company in order to decrypt data, rather than for the misuse of patient data,” according to a letter to patients.
Whether ransom was paid or the attack was mitigated, however, is not clear; a spokesperson for the practice did not respond to a request for more information.
Protected health information at risk included patient names, addresses, dates of birth, Social Security numbers, Medicare numbers, and medical and billing records.
Professional Dermatology is offering identity protection services and urging patients to check credit reports. The provider has undertaken several steps to increase security, including installing a new firewall and additional malware protection.
The breach is posted on the HHS Office for Civil Rights’ web site of breaches that have affected the health information of more than 500 individuals.