Ransomware attack affects 85,000 patients in LA
The Center for Orthopaedic Specialists in the greater Los Angeles area—part of the Providence Health & Services delivery system—is offering 85,000 patients a comprehensive suite of protective services after a ransomware incident earlier this year.
The attack affected three of the center’s five sites, with malicious software deployed to gain access to and encrypt patient data “in the hopes of getting COS to pay money to restore access to the patient data,” the center said in a public notice.
The center’s technology vendor recently notified the organization that an unauthorized party began attempting to access the computer system in February, and the vendor permanently removed the affected computer system before any information could be removed. The center did not indicate when the vendor told it of the attack.
The center does not believe patient information was removed but notified all patients because the information was stored on a system that had been compromised. Data at risk included patient names, addresses, dates of birth, medical records information and Social Security numbers.
The Center for Orthopaedic Specialists is offering the MYIDCare protection service of ID Experts—it includes two years of identity, credit monitoring and complete recovery services, which is a more expansive program that those historically offered to breach victims. Additional protections through the ID Experts program include monitoring criminal websites, chat rooms and bulletin boards for illegal selling or trading of protected health information and identity theft insurance coverage of as much as $1 million.
The center also is educating patients on how to protect their accounts and emphasizing the need to obtain credit reports from the three credit monitoring companies. Additional information from the Center for Orthopaedic Specialists was not immediately available, and it did not respond to requests for additional comment on the incident.