PHI of 36,500 Austin Cancer Centers Patients Exposed

Austin Cancer Centers is notifying 36,503 patients regarding the compromise of some of their protected health information (PHI) because of a security incident identified on August 4, 2021.

Unauthorized people were learned to have acquired access to computer systems and deployed malware. To stop further unauthorized access, computer systems were instantly de-activated and law enforcement was advised. After that, Austin Cancer Centers had hired cybersecurity professionals to know about the particular nature and range of the incident. Austin Cancer Centers stated the malware is already removed, systems were reactivated and protected, and its facilities are open.

According to the forensic investigation of the data incident, hackers first obtained access to its computer systems on July 21, and possibly got access until the breach was uncovered on August 4. A thorough assessment was done to identify all files on the system that hackers may have accessed. Those files were found to comprise patient details for instance names, dates of birth, addresses, insurance provider names, and medical notes. The credit card numbers and Social Security numbers of some patients were at the same time exposed.

Austin Cancer Centers doesn’t think the attackers acquired access to all the networks, nevertheless, it was decided to notify 36,500 patients as a safety measure. Considering that the attackers did not have access to its network starting August 4, new patients who acquired medical services after that date were surely not affected.

Austin Cancer Centers mentioned the attackers were able to steer clear of recognition and cover their activities, so it took close to two weeks to identify the security breach. During the investigation, the top main concern was to make sure systems were secured and patient records were safe, and so notifications were deferred until it was certain that suitable safety procedures were ready.

There is no disclosure yet about the specific nature of the malware attack, or whether ransomware was used since the investigation into the security breach is in progress. Austin Cancer Centers explained additional information concerning the incident will be given to the impacted persons using its website when it is regarded as right for the information to be revealed.

Since the breach took place, Austin Cancer Centers has used extra technical steps to further strengthen security. The entire staff also got privacy and security training.

Affected persons received a 1-year membership to the Equifax Credit Watch™ Gold credit monitoring service for free. They also got automatic fraud warnings and insurance coverage through a $1,000,000 identity theft insurance policy.

Austin Cancer Center CEO, Laurie East said that they are saddened and upset by this incident. Attending to their patients during times of medical stress is their main business. The center apologizes to all affected patients for any worry produced and will do everything to deal with the situation and help them through needed steps to make certain their protection.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA