A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons.
The counseling center discovered the malware infection on January 20, 2019. An IT company conducted a forensic analysis, got rid of the malware, and restored its systems using backups. The IT experts completed the forensic analysis on February 18, 2019.
The IT investigators found no evidence that indicate the unauthorized access or copying of patient information. But there is still the possibility of data and PHI access or theft. The types on data that are contained in the affected systems are the patients’ names, addresses, birth dates, health insurance details, Social Security numbers, and treatment data.
The counseling center notified the affected individuals about the breach on April 11, 2019 and offered them free identity theft monitoring services by Kroll for one year. No report was received up to now concerning the misuse of any patients’ PHI.
Riverplace Counseling Center did not publicly announce what type of malware and how it was installed on its systems. To enhance its systems security and lower the risk of another malware attack, the center installed spam filters, upgraded its antivirus software program and firewalls, and provided employees with more training to help them detect unauthorized access. The counseling center also contacted a cybersecurity company to get recommendations on policies and procedures that would enhance system-wide security.
According to the Department of Health and Human Services’ Office for Civil Rights breach summary report on its website, about 11,639 patients had their PHI potentially compromised.