Data of 11,639 Riverplace patients at risk from malware

Riverplace Consulting Center, Anoka, Minn., is notifying 11,639 patients and the HHS Office for Civil Rights after finding malware in its information systems.

“Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have taken steps to notify all potentially impacted individuals and to provide resources to assist them,” the addiction treatment center said in a letter to patients earlier this month.

Riverplace Counseling1-CROP.jpg

Riverplace Consulting discovered the breach on January 20; it hired a data security firm to help remove malware and restore information systems from backups. Forensic experts also were brought in to determine how the intrusion occurred and whether the intruder accessed information. That investigation concluded in February.

Also See: A1Care upgrades defenses against malware with Neushield offering

But while the investigation did not concluded that data had been accessed, experts could not rule out the possibility that patient names, dates of birth, personal information, insurance information, treatment information and Social Security numbers may have been accessible.

In addition to mailing notifications, Riverplace Consulting also provided information on how patients can monitor and protect their personal information, as well as offering identity monitoring services from Kroll. Now, the organization is taking a wide range of steps to better secure its protected health information.

The enhanced security includes additional spam filters, firewalls, enterprise-wide antivirus software, additional staff training on identifying unauthorized access and engaging a cyber security firm to assist in implementing system-wide policies and procedures to prevent a similar incident.

Riverplace Consulting apologized to affected individuals, a process that the HHS Office for Civil Rights, which enforces the HIPAA rules, strongly suggests be done. “The privacy and protection of personal information is a top priority, and we sincerely regret any inconvenience or concern this incident may cause,” Riverplace Consulting’s letter told patients.

For reprint and licensing requests for this article, click here.