Jefferson Surgical Clinic Announces June 2021 Data Breach with 174,769 Patients Affected

Jefferson Surgical Clinic based in Roanoke, VA has started alerting patients concerning the potential compromise of some of their protected health information (PHI) due to a cyberattack that was uncovered on June 5, 2021.

Based on the breach notification letter submitted to the Maine Attorney General, the attacker acquired access to areas of the network that held patient data including names, Social Security numbers, birth dates, and health and treatment data. Jefferson Surgical Clinic immediately informed the Federal Bureau of Investigation regarding the breach and involved third-party cybersecurity and forensics experts to help the investigation.

The investigation discovered no proof that suggests any patient information was or will be misused because of the security breach; nevertheless, to protect against identity theft and fraud, the clinic has provided affected patients complimentary credit monitoring and identity theft protection services for 12 months.

The Maine Attorney General was advised that the sections of the system accessed by the hacker comprised the PHI of 174,769 individuals and that names or personal identifiers were taken along with Social Security numbers. Jefferson Surgical Clinic did not state any reason as to the reason it took 7 months to send breach notifications to patients and authorities.

10,438 Individuals Impacted by Ransomware Attack on Non-Profit

A New Leaf, Inc. in Broken Arrow, OK is a non-profit provider of services to people with developmental handicaps, has begun sending notifications to 10,438 persons regarding the potential exposure of some of their PHI during a ransomware attack in March 2021.

Because of the encryption of files on its network, A New Leaf, Inc., discovered the attack on March 30, 2021. Helped by a top-rated cybersecurity company, A New Leaf confirmed that prior to file encryption, the attacker exfiltrated some files from its system.

At first, because of the nature of the incident and the impacted systems, it was assumed that no protected health information was breached, however, the investigation revealed on June 23, 2021, that several documents obtained by the attackers included personal information and PHI. A manual evaluation was conducted to know what details were acquired and where the affected individuals resided. That audit was finished on October 11, 2021, and A New Leaf sent notification letters to impacted persons on December 30, 2021.

A New Leaf has given the affected persons with a free membership to Experian IdentityWorks Credit 3B’s identity theft protection and credit monitoring services for 2 years.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at