The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.
Third-party security experts were engaged to investigate the nature and scope of the attack, with the investigation concluding on or around May 2, 2022, that files containing the protected health information of patients and employees may have been accessed and exfiltrated from its network. The investigation confirmed that its electronic health record system and its human resources systems were not affected by the attack.
A comprehensive review of all files potentially compromised in the attack revealed they contained the protected health information of 877,584 current and former patients, employees, and job applicants. Affected patients had their names, birth dates, patient numbers, Social Security numbers, financial account numbers, and/or health insurance information exposed. Current and former employees and job applicants have had their names, birth dates, Social Security numbers, driver’s license numbers, and/or state IDs exposed, as well as financial account numbers for a limited number of individuals.
Wright & Filippis said that at the time of issuing notification letters, no evidence had been found to suggest any actual or attempted misuse of the stolen information; however, out of an abundance of caution, affected individuals have been offered complimentary access to identity monitoring, fraud consultation, and identity theft restoration services. The delay in issuing notifications to affected individuals was due to the time-intensive process of investigating the breach, reviewing the affected files, and confirming contact information for affected individuals.
Wright & Filippis said the company has implemented additional endpoint detection and response software, reset all passwords, and rebuilt all the affected servers.
The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.