23,500 Patients Impacted by Connecticut Eye Clinic Ransomware Attack

February 7, 2019


Dr. DeLuca Dr. Marciano & Associates, P.C., the main eye care clinic in Prospect, CT, has suffered a ransomware attack that has led to the encryption of files having patients’ protected health information.

The attack happened on November 29, 2018. Swift action was taken to close down the network to avoid the spread of the infection, but it was impossible to stop the encryption of files on two servers used to save patient-related files. A ransom demand was received but no payment was made. The encrypted files were successfully restored from standbys.

An inquiry of the breach revealed that the two servers affected by the attack had patient files that contained information such as patient names, Social Security numbers, and some treatment information.

Dr. DeLuca Dr. Marciano & Associates has taken steps to avoid more cyberattacks, which contain closing distant access to the network, applying technical solutions to safeguard against ransomware, and improving its anti-virus software.

Although there is no sign that patient information was accessed or stolen, all persons whose protected health information was possibly compromised have been informed by post and, out of an abundance of caution, offered free credit checking and identity theft protection facilities.

The ransomware attack has been informed to all appropriate authorities. The breach information submitted to the Division of Health and Human Services’ Office for Civil Rights (OCR) shows 23,578 patients have been affected by the breach.

Patients’ PHI Possibly Accessed in Chaplaincy Health Care Phishing Attack

Chaplaincy Health Care, a not-for-profit supplier of hospice, behavioral health, comforting care, and chaplain facilities in the tri-cities area of southeast Washington, has found an illegal person has gained access to the electronic mail account of a worker and possibly saw patients’ protected health information.

The breach was noticed on November 20, 2018 – The same day that the account was breached. Helped by a third-party computer forensics company, Chaplaincy Health Care concluded that an unknown person gained access to a single electronic mail account for a period of about 4 hours.

Emails in the account had patients’ names, home addresses, dates of birth, medical record numbers, prescription information, dates of service, and the last four digits of Social Security numbers.

Breach notification letters were mailed to affected persons on January 3, 2019. Free credit checking and identity theft protection facilities have been offered to breach sufferers.

The breach has prompted Chaplaincy Health Care to provide additional training on email safety to workers. 2-factor verification has also been implemented to protect against illegal account access.

The breach report submitted to OCR shows the PHI of 1,086 patients was possibly accessed.