Ransomware attack hits South Dakota plastic surgery practice

Plastic Surgery of South Dakota is offering about 10,200 current and former patients a year of credit and identity protection services amid concerns that their data was accessed during a mid-February ransomware attack.

The organization removed the ransomware from its information systems and decrypted data, then brought in security experts to determine if any data was accessed by unauthorized users. While the majority of records were not accessed, the practice was unable to rule out whether a smaller subset of patient records had been breached.

Plastic Surgery Associates2-CROP.jpg

To date, however, there is no evidence of any actual or attempted misuse of data, the practice noted in a patient notification letter. Information that could have been compromised includes patients’ names, driver’s license numbers, Social Security numbers, state identification numbers, credit and debit card information, medical conditions and diagnosis information, lab results, addresses, dates of birth and health insurance information.

Also See: Security a priority for providers, not just a compliance concern

Plastic Surgery of South Dakota is further suggesting a range of steps for affected individuals to take to protect themselves, including monitoring credit reports and explanations of benefits; getting free credit reports from the three major credit bureaus; placing fraud alerts on credit files and placing a security freeze on credit reports, which prohibits release of information from the reports absent consumer authorization.

The practice declined to provide further details about the incident beyond a patient notification letter.

For reprint and licensing requests for this article, click here.