Ransomware attack affects data of 128,000 patients

Register now

Arkansas Oral & Facial Surgery Center discovered in July that it was the victim of a ransomware attack that eventually affected the information of 128,000 patients.

“We promptly began an investigation which revealed that the ransomware had been installed on our systems at some point earlier that morning or the evening before,” according to a notification letter from the practice, which serves Springdale, Fayetteville and Harrison.

The hackers’ motivation appears to be extortion and not the theft of patient information, according to the organization. A limited set of protected health information was affected, primarily diagnostic images and attachments, and patient information appears to have not been stolen.

Also See: How providers can bolster their ransomware defenses

However, the ransomware apparently rendered image files, documents and all electronic patient visit data during the previous three weeks inaccessible. In addition to radiology data, other compromised information included patient names, addresses, dates of birth, Social Security numbers, diagnoses, treatment plans, conditions and health insurance information.

Arkansas Oral & Facial Surgery Center is offering affected individuals one year of identity repair and credit monitoring protection from AllClearID. The organization also advised patients to place a fraud alert or security freeze on their credit reports and included information on how to do that.

When contacted for further comment, executives at the practice declined to provide additional details on the incident.

For reprint and licensing requests for this article, click here.