Backup data aids Jones Eye Clinic in rebound from ransomware

Register now

Jones Eye Clinic and its affiliated surgery center was victimized by a ransomware attack, but was able to recover with timely use of backup information.

The clinic, and its CJ Elmwood Partners surgery center—together operating three sites serving parts of Iowa and South Dakota—is recovering from the attack, which affected as many as 40,000 individuals.

On August 23, the practices discovered that the computer network was locked with ransomware, and it received a payment demand to unlock the network.

“That same day, we restored our data using backup information and ended the attack without paying the ransom amount,” according to the practice. “However, while our systems were under attack, there is the possibility that the attackers could have gained unauthorized access to protected health information of patients of both Jones Eye Clinic and the Surgery Center.”

Also See: Why providers need to brace for ransomware attacks this fall

The practice hired a computer forensic specialist and called the FBI. The investigation found the virus was loaded one day earlier, and during overnight hours, the attackers would have had the ability to access patient data in the billing and scheduling software. The attack did not affect the provider’s electronic health records system.

Compromised data in the billing and scheduling systems included full names, addresses, dates of birth, dates of services, medical record numbers, insurance status, claims information, Social Security numbers, and descriptions of visits and surgeries. Bank account and credit card information were not affected. “We engaged multiple information technology companies to assist with restoring our systems and deploying new technology to prevent future intrusions,” according to the notice.

The practices are offering affected patients credit monitoring services for one year; it encouraged patients to place fraud alerts on credit files to make it more difficult for someone to get credit under an individual’s name.

More information on the attack was not available.

For reprint and licensing requests for this article, click here.