PHI Likely Exposed in Eye Center and Law Company Ransomware Attacks

Francisco J. Pabalan MD of Pabalan Eye Center based in Riverside, CA has said a ransomware attack has impacted approximately 50,000 patients.

The center found out about the attack on March 3, 2021. The investigators affirmed that the attack began on March 1. The hackers encrypted records on servers and computers, therefore, blocking patient data. They also demanded a ransom to get back the patient data. All affected computers and servers were copied just before the ransomware attack, thus encrypted data restoration is possible even though not paying the ransom.

The investigation didn’t uncover any proof of theft of data. The attack appears to have been done merely to disrupt services so as to extort dollars from the eye center. Right after the attack, all computers and servers were altered before the installation of OS’s and applications, and patient information was then recovered from backup copies.

More security actions have been put in place, which include utilizing brand new anti-virus and anti-ransomware software programs, a new Security Rule Risk Management Program, and new data encryption solutions. New techie safety measures were launched to reinforce security, like new, safe VPN protected links to servers, current password policies, and extra training provided to the labor force to support the detection of security dangers. Moving ahead, routine technical and non-technical reviews and updates are going to be carried out.

Though it doesn’t seem that the hackers got financial data, all impacted patients were cautioned to be careful and keep an eye on their account statements and for any clues of identity theft or fraudulence. Protected health information (PHI) likely compromised in the attack consists of scanned insurance forms, test results, imaging, diagnostic tests, and scanned previous medical data.

Campbell, Conroy, O’Neill Law Agency Reports a Ransomware Attack

Campbell, Conroy, O’Neill law firm located in Boston, MA has reported a ransomware attack on or approximately February 27, 2021.

The threat actors encrypted a number of data files on its systems which blocked access. The investigation indicated the threat actor had accessed files comprising sensitive data during the breach. It wasn’t possible to find out if the threat actor viewed or acquired details pertaining to specified persons.

The types of information included in the files differed from person to person. One or more of these data elements are affected: Names, birth dates, state ID numbers, driver’s license numbers, financial account details, Passport Numbers Social Security numbers, payment card data, health data, medical insurance details, biometric records, and online account experience including usernames and passwords.

Campbell, Conroy, O’Neill has performed an assessment of guidelines and procedures and more safety measures are being put in place to avoid additional attacks. People whose Social Security number was probably exposed in the occurrence were given a free 24-months membership to fraud consultation, credit tracking, and identity theft restoration solutions.