Breaches at Ohio Eye Care Provider and NCH Healthcare System Potentially Compromised Patient PHI

Eye Care Associates, a fully integrated eye care provider in the northeast Ohio region, had a ransomware attack in late July which led to the inaccessibility of its computer systems. Two weeks after the attack, the provider’s computer systems remain locked.

Mary Jo Silva, the Director of Operations, reported that the ransomware attack took place on July 28, 2019. Eye Care Associates has advised the Beaver Township Police Department and the company’s board regarding the attack.

The attackers gave a ransom demand but did not specify the amount. Silva said that the provider did not contact the attackers to ask about the ransom amount and did not pay the ransom. Eye Care Associates is working on the recovery of all encrypted files using backup files and the file storage service provider is helping with the process. It is expected that systems will be back online in a few days. The investigators of the attack reported no evidence of patient data theft. The Business Journal also reported that email was targeted to initiate the ransomware attack.

The attack caused a major interruption of hospital procedures. It was impossible to book new appointments for two weeks because of the inaccessibility of the appointment system. The hospital personnel use its paper documents each time a patient is treated.

NCH Healthcare System Phishing Attack

NCH Healthcare System located in Naples, FL had a phishing attack that led to the exposure of patient data. NCH Healthcare found out on June 14, 2019 that its payroll system is having suspicious activities. A third-party computer forensics team looked into the problem and determined the breach of some employees’ email accounts as a result of responding to phishing emails.

It’s possible that the attackers have accessed or copied the data of patients found in email messages and attachments. NCH already informed the patients regarding the breach and advised them to keep an eye of their financial statements for possible suspicious transactions.

It is still unknown how many NCH Healthcare System patients were affected by the ransomware attack.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA