Ransomware Attacks Reported by Jax Spine & Pain Centers and Extend Fertility

March 3, 2022 Christine Garcia HIPAA News

Jax Spine & Pain Centers

Jax Spine and Pain Centers based in Jacksonville, FL has recently reported that it encountered a ransomware attack that happened on January 24, 2022. The attack was performed on an inactive server that stored data of patients who had been to either its Jacksonville or St. Augustine locations prior to May 2018.

Jacksonville Spine Center stated the attackers stated they have stolen data files from the server and threatened to post the stolen information in case the ransom was not paid however did not say whether there was a payment made to stop the exposure of the data.

Monitoring software had been installed on the server which permitted the attack to be quickly identified, and because of the quick action done in response to the breach, the encryption of data was prevented. The moment the breach was noticed, the server was turned off, nevertheless, it wasn’t possible to avoid the exfiltration of a compressed file with patient records.

Jacksonville Spine Center said its current patient record system is based in the cloud and was not affected and the only patient information gotten in the attack was demographic details – names, addresses, dates of birth, and a few Social Security numbers.

Extend Fertility

Extend Fertility, a fertility clinic based in New York City, has just reported that unauthorized individuals potentially obtained the protected health information (PHI) of 10,373 patients as a result of a ransomware attack, which was noticed on December 20, 2022.

An investigation of the attack was started and third-party computer forensics specialists were employed to find out the nature and extent of the security breach. The preliminary investigation came to a conclusion on January 28, 2022, and confirmed the attackers had acquired access to its networks on or about December 15. 2021, and encrypted files on its network and servers with success. Although data theft was not 100% affirmed, Extend Fertility stated it is possible files with patient data were stolen from its servers.

An evaluation of all files possibly impacted confirmed they comprised these types of data: First and last name, home address, telephone number, gender, email address, birth date, medical background, diagnosis and treatment data, date(s) of service, laboratory test data, prescription details, provider name, medical account number, group plan provider, medical insurance policy and group plan number, and claim details.

Extend Fertility explained it is not aware of any attempted or actual misuse of patient data; nevertheless, as a safety measure, affected persons were provided free credit monitoring and identity theft protection services. Extend Fertility stated it is meeting with external security specialists to determine ways to improve security and to implement extra safeguards according to the recommendations. The cybersecurity training program of employees will likewise be improved.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA
Twitter