The Sierra Vista, AZ-based ophthalmology and optometry provider Cochise Eye and Laser experienced a ransomware attack on January 13, 2021 that resulted in the encryption of its patient scheduling and billing software.
The attack prevented Cochise Eye and Laser from accessing any data in its scheduling system. Eye care services continued to be provided to patients, with the practice reverting to using paper charts. According to a February 17, 2021 breach notice on its website, paper charts were still in use as the scheduling system remained out of action.
The investigation into the ransomware attack found no evidence to indicate any patient data were exfiltrated prior to the encryption of files; however, data theft could not be ruled out. The types of information potentially accessed by the attackers included names, dates of birth, addresses, phone numbers and, for some individuals, Social Security numbers.
Since the attack, Cochise Eye and Laser has been working on improving the security of its systems and is implementing a new offsite backup system. Efforts to recover the encrypted data are ongoing and patient charts will be used to rebuild its schedules.
The ransomware attack has been reported to the HHS’ Office for Civil Rights as affecting up to 100,000 patients.
Petersburg Medical Center Discovers Insider Privacy Breach
Petersburg Medical Center in Alaska has discovered an employee accessed the medical records of certain patients without authorization, when there was no legitimate work reason for doing so.
An internal investigation was launched as soon as the unauthorized access was discovered, and the medical center was satisfied that there have been no further disclosures by the employee and no patient information was removed from the medical center.
Following the breach, the medical center took steps to prevent the employee “from accessing any patient records now or in the future.” It is unclear whether the sanctions included termination. Steps have since been taken to prevent any further privacy violations at the medical center and affected individuals have been notified by mail.
The post Up to 100,000 Individuals Affected by Cochise Eye and Laser Ransomware Attack appeared first on HIPAA Journal.