Ransomware Attacks on First Impressions Orthodontics, Kids First Dentistry & Orthodontics, and Hendrick Health Patients

A ransomware attack on First Impressions Orthodontics, a Professional Dental Alliance of Connecticut PLLC’s subsidiary, occurred on September 28, 2020 that resulted in the potential compromise of the protected health information (PHI) of 23,000 patients.

Backups were performed on a regular basis and saved securely, thus patient information can be restored without paying the ransom. Besides the 23,000 patients of First Impressions Orthodontics, the breach also affected 5,000 patients of Kids First Dentistry & Orthodontics who got x-rays from First Impressions Orthodontics.

The types of information possibly exposed included names, phone numbers, addresses, email addresses, Social Security numbers, dental records, dental images, dental insurance numbers, service charge amounts, and payments obtained for services given. For patients who just had their x-ray images compromised, the information exposed only included their name, birth date, and insurance data.

Affected persons received notifications in compliance with HIPAA breach notification rules. However, there was no evidence that suggests data access, theft, or misuse. As a safety precaution, affected persons were given a free membership to credit monitoring and identity theft protection services for two years.

Hendrick Health Enforces EHR Downtime Procedures Due to Suspected Ransomware Attack

A cyberattack on Hendrick Health based in Texas resulted in taking its IT system and EHR offline to remediate the threat. The alleged ransomware attack occurred on November 9, 2020 and impacted the medical center of Hendrick Health located on the main campus and a few of its clinics. The cyberattack did not affect Hendrick Medical Center South and Hendrick Medical Center Brownwood.

Hendrick Health stated that the cyberattack did not affect patient care and it continued to provide inpatient services; nevertheless, a number of patients were taken to other campuses for medical care while remediation efforts are ongoing. Certain outpatient services were rebooked.

Hendrick Health is working 24 hours a day to reestablish its systems. Meanwhile, medical center employees have used pen and paper for logging patient data.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA