Data Breaches at Southeastern Minnesota Oral & Maxillofacial Surgery and Elizabeth Family Health

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) made an announcement a ransomware attack that caused the potential exposure of the protected health information (PHI) of about 80,000 patients.

The ransomware attack was seen on September 23, 2019. The IT crew reacted to the situation and separated the impacted server and took measures to bring back the encrypted information. It is not clear if SEMOMS paid off the ransom or if the IT staff had recovered the server using backups.

Aided by computer forensics professionals, SEMOMS confirmed that the impacted server comprised of names and X-ray photos and that an unauthorized person accessed the server. No information was discovered to indicate the attackers viewed or downloaded patient data, however it can’t be made certain that there were unauthorized ePHI access and theft of information. Therefore, notification letters were given to all individuals whose PHI was likely exposed.

28,375 Elizabeth Family Health Patients’ Data Exposed

Elizabeth Family Health based in Elizabeth, CO, is informing 28,375 patients regarding the exposure of some of their PHI.

Somebody broke into the Elizabeth Family Health facilities and vandalized on September 23, 2019. The perpetrator took a number of items from the facilities, which include server backup tape cartridges, which contained the PHI of patients, such as names, demographic data, and Social Security numbers.

There was no report received by Elizabeth Family Health about the misuse of patient data, however, breach notifications were mailed to impacted persons as a safety measure. The healthcare provider also gave instructions on what to do to avoid the misuse of their personal information.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at