Riverplace Counseling Center Malware Attack Impacts 11,639 Patients’ PHI

A malware was installed on the systems of Riverplace Counseling Center in Anoka, MN, which resulted to the access of the protected health information (PHI) of patients by unauthorized persons.

The counseling center discovered the malware infection on January 20, 2019. An IT company conducted a forensic analysis, got rid of the malware, and restored its systems using backups. The IT experts completed the forensic analysis on February 18, 2019.

The IT investigators found no evidence that indicate the unauthorized access or copying of patient information. But there is still the possibility of data and PHI access or theft. The types on data that are contained in the affected systems are the patients’ names, addresses, birth dates, health insurance details, Social Security numbers, and treatment data.

The counseling center notified the affected individuals about the breach on April 11, 2019 and offered them free identity theft monitoring services by Kroll for one year. No report was received up to now concerning the misuse of any patients’ PHI.

Riverplace Counseling Center did not publicly announce what type of malware and how it was installed on its systems. To enhance its systems security and lower the risk of another malware attack, the center installed spam filters, upgraded its antivirus software program and firewalls, and provided employees with more HIPAA training to help them detect unauthorized access. The counseling center also contacted a cybersecurity company to get recommendations on policies and procedures that would enhance system-wide security.

According to the Department of Health and Human Services’ Office for Civil Rights breach summary report on its website, about 11,639 patients had their PHI potentially compromised.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA