Medical Oncology Hematology Consultants, an eight-physician practice in Delaware, on July 7 learned it was the target of a ransomware attack that started in June 17 and affected the server and desktop workstations.

Some 19,203 affected individuals, including some residents of Oregon, are being notified of the breach. The practice is not aware of any unauthorized access, use or disclosure of protected health information, according to the notification letter.

Compromised data included patient names, dates of birth, phone numbers, health information and treatment information.

The practice hired third-party experts to recover affected data and ensure its information systems were no longer subject to ransomware, and then engaged in a comprehensive effort to harden its policies and systems.

Also See: 4 keys to better defend healthcare data against ransomware

“Specifically, we have reset our network passwords, restored our servers from pre-incident backups, reviewed and revised our document retention policies, retained a forensic expert to evaluate the incident, determine the source of the intrusion and recommend additional preventive measures,” the letter to patients noted. In addition, the practice “conducted an email phishing test, provided additional security training to our employees, installed an umbrella web filtering system, implemented a two-factor login authentication system, consolidated our servers and systems to eliminate redundancies and re-evaluated our access privileges.”

Medical Oncology Hematology Consultants also is offering 12 months of free credit monitoring services and identity theft protection from ID Experts, along with a $1 million reimbursement insurance policy and restoration services, according to the practice’s attorney.

The practice is also providing affected individuals with information on protecting their accounts, along with directions on adding a fraud statement to credit files.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access