Centrelake Medical Group exposed PHI of certain patients due to a Computer Virus

Centrelake Medical Group has been notifying a number of patients that some Protected Health Information (PHI) of them has been exposed due to a computer virus.

The computer virus has been discovered in Feb. 2019 when, due to the virus, the medical group was not able to access its files. This virus seems to be of a ransomware form, although nothing was mentioned about ransomware or any ransom demand in media notice that was issued by Centrelake.

A computer forensics firm was retained by Centrelake to help with the investigation in order to determine scope of this attack, and found whether any of the files containing PHI was accessed or copied.

As per the investigation, Centrelake's servers had been accessed by an unauthorized individual on Jan. 9, 2019. Before deploying the virus on Feb. 19, 2019, this unauthorized individual was successful in accessing the servers undetected.

Once hackers have breached the security defenses, ransomware getting installed on systems is not uncommon. In fact in a few cases, ransomware is being deployed after system investigation is done and all the valuable data got exfiltrated. In this current case, computer forensics firm did not have any evidence that will suggest patient information has been accessed or copied, and also no reports were received that will suggest any actual or attempted misuse of data has happened.

The servers that were accessed by unauthorized third party contains software applications as well as files might having patient information such as names, addresses, phone numbers, Social Security numbers, diagnoses, services performed, health insurance information, dates of service, driver's license numbers, medical record numbers, and referring provider information.

Centrelake Medical Group already has told the patients to remain alert to possibility of the data misuse; and also suggested the patients that they should monitor their credit reports, financial accounts, as well as explanation of the benefits statements for finding any kind of fraudulent activity. For obtaining more information, a toll-free number was set up for the patients. However, right now it does not look like that the patients were provided with identity theft protection and credit monitoring services.

The breach portal of Department of Health and Human Services' Office for Civil Rights indicates that 197,661 patients were affected.

» SPAMfighter News - 5/10/2019