Austin Manual Therapy (AMT) notified their 1,750 patients that some of their PHI might have been accessed and thieved by a criminal attacker who accessed their system.
A forensic investigation through prominent national cybersecurity team disclosed access was initially gained on October 3, 2017 and carried on until October 9, when the incursion was found out and blocked. As per the breach notice displayed on the AMT site, access wasn’t gotten to the organization’s electronic medical documentation system. Just a limited part of the computer system was accessed – one laptop as well as a common file system.
Although the forensic inquiry verified that access to a few files had been achieved, it was unclear how much information was seen and which, if any, documents had been stolen. An inquiry of the file system and computer indicated that the following information might have been retrieved: Names, referring physician information, driver’s license information, diagnoses, health screening information, insurance coverage and policy information, occupations, charge amounts, dates of service, phone numbers, dates of birth, addresses, and partial and full Social Security numbers.
The breach inquiry has largely been finished, although TMD disclosed it is going on to actively work with forensic agents and that the inquiry will likely continue until the end of the year.
Extra security measures have now been implemented to avoid this type of attack from occurring in the time to come. While the precise nature of the attack wasn’t detailed in the TMD breach report, Databreaches.net has reported that this was a blackmail attempt by the hacking group TheDarkOverlord.
Individuals affected by the breach have been informed that they can obtain free credit details and place a fraud alert and safety freeze on their accounts, but it would not seem that credit monitoring or identity theft safety services have been offered.