Breaches at Texas Network of Walk-in Clinics, Randleman Eye Center and California Dental Practice

Maze Ransomware Attack at Texas Network of Walk-in Clinics

A Maze ransomware gang attacked AffordaCare Urgent Care Clinic, which is a network of walk-in clinics throughout Texas. A recent DataBreaches.net report stated that the hackers had stolen 40GB of data before encrypting the data files. The attackers published some of the stolen data on the internet after AffordaCare declined to pay the ransom demand.

The information published by the attackers included patient contact information, medical histories, diagnoses, payment records, medical insurance details, and employee payroll information. The number of affected patients is still uncertain since the incident is not yet posted on the breach portal of the HHS’ Office for Civil Rights.

Ransomware Attack at Randleman Eye Center

Randleman Eye Center located in North Carolina has suffered a ransomware attack that impacted a server that contains the protected health information (PHI) of patients. The eye center detected the attack on January 13, 2020 and engaged a third-party computer forensics company to help with the breach investigation.

Though the investigation is not yet finished, the investigators have established that the attackers encrypted and potentially accessed patient data. The information contained in the server included names, genders, birth dates, and digital retinal images.

Randleman Eye Center already informed the impacted patients and will enhance security to avoid the same attacks later on.

Burglary at California Dental Practice

Genuine Dental Care in Saratoga, CA found out on January 16, 2020 that there was a break-in by thieves in its offices. A stolen server contained the PHI of 2,190 patients. Though multiple passwords are needed to access the patient data on the server, it is still possible that patient information was accessed by thieves.

The server contained the following patient data: names, addresses, phone numbers, drivers’ license numbers, Social Security numbers, medical insurance data, dental records, and certain financial data such as credit card numbers. According to Genuine Dental Care, the medical images of some patients who had dental services from June 2019 to January 2020 were permanently irretrievable.

Genuine Dental Care already reported the incident to the San Jose Police Department and an investigation is ongoing. Steps had already been taken to strengthen physical security and further technical controls were put in place to secure patient information.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA