North Florida OB-GYN located in Jacksonville, FL found out that hackers acquired access to selected parts of its computer system holding personal and health information of patients and infected the system with a virus that encrypted the files.
When the breach was discovered on July 27, 2019, the provider shut down the networked computer systems and initiated breach response and recovery procedures. Third-party IT experts helped in investigating the breach. They confirmed whether there was indeed unauthorized access of parts of its networked computer systems and virus infection that led to file encryption. The investigation uncovered that its computer systems were most probably been compromised on or before April 29, 2019.
While system access was affirmed, there was no evidence that personal or medical data was accessed without authorization or stolen; nonetheless, unauthorized information access and exfiltration could not be ruled out.
Protected health information (PHI) possibly compromised in the attack was different from one patient to another and may have included the patients’ names, demographic information, birth dates, driver’s license number, ID card number, Social Security number, health insurance data, employment data, diagnoses, treatment data, and medical images.
North Florida OB-GYN advised the individuals affected by the breach to remain watchful and check their account statements to see if there was unauthorized use of their data. It does not appear that the affected individuals were offered credit monitoring and identity theft protection services.
North Florida OB-GYN was able to retrieve practically all files that the attacker encrypted. It is uncertain whether the attacker issued a ransom demand, which the company paid, or if the files were recovered using backups. North Florida OB-GYN already took steps to reinforce security and prevent similar incidents from occurring later on.
The breach report was already submitted to the HHS’ Office for Civil Rights and proper state authorities. The breach is not yet posted on the OCR breach portal, thus the number of patients affected by the breach is not yet clear.