Cochise Eye and Laser, an ophthalmology and optometry provider based in Sierra Vista, AZ, suffered a ransomware attack on January 13, 2021 that encrypted the company’s patient scheduling and billing software.
Because of the attack, Cochise Eye and Laser could not access any information in its scheduling program. It continued to provide eye care services to patients, albeit using paper charts. According to a breach notice published on its website on February 17, 2021, the company is still using paper charts because the scheduling system is still not working.
The investigators of the ransomware attack did not find any evidence of patient information being exfiltrated before the files were encrypted; nonetheless, data theft cannot be ruled out. The attackers may have accessed the following types of data: names, birth dates, addresses, telephone numbers and, for certain persons, Social Security numbers.
Since the attack, Cochise Eye and Laser has been enhancing its systems security and using an innovative offsite backup program. Work to recover the encrypted data is still in progress, and patient charts will be used to restore its schedules.
The provider has reported the ransomware attack to the HHS’ Office for Civil Rights, indicating that as many as 100,000 patients were affected.
Petersburg Medical Center Uncovers Insider Privacy Breach
Petersburg Medical Center, based in Alaska, recently discovered that an employee accessed certain patients’ medical records without authorization and without a valid work reason.
As soon as the unauthorized access was discovered, the medical center launched an internal investigation. It was reported that the employee made no further disclosures and that there was no reported removal of patient information from the medical center.
After the breach, the medical center took action to keep the employee from accessing any patient data now or in the future. It is uncertain whether the sanctions also involved termination. The medical center has since taken steps to prevent further privacy violations and has mailed notification letters to the affected persons.