925 Patients Impacted by Coastal Cape Fear Eye Associates Ransomware

February 16, 2018 Patrick Kennedy HIPAA Updates Comments Off on 925 Patients Impacted by Coastal Cape Fear Eye Associates Ransomware

The protected health information (PHI) of 925 patients of Coastal Cape Fear Eye Associates has been compromised in a ransomware attack.

North Carolina’s Coastal Cape Fear Eye Associates, P.A., found that its systems had been breached on December 5 2017. Upon noticing the ransomware attack, Coastal Cape Fear Eye Associates hired external IT professionals to contain the attack and delete the ransomware. The IT experts were able to limit the harm caused and the malware was deleted, although some files remained locked and inaccessible for a period of time.

According to a substitute breach notice published  on the healthcare provider’s website on February 1, 2018, the delay in issuing alerts to affected patients was because it was not possible to access certain files to figure out what information was involved and which patients were hit. Coastal Cape Fear Eye Associates has only recently been able to access all encrypted files that were compromised.

Under HIPAA Regulations, healthcare groups are required to report ransomware attacks unless the attacked body finss there was a low probability of PHI being accessed. Ransomware typically blindly encrypts files and file access is not usually involved, even so, the Department of Health and Human Services’ Office for Civil Rights (OCR) has published guidance on ransomware attacks that indicate – in the majority of cases – ransomware attacks should be reported and patients alerted.

In this instance, the investigation into the attack showed that data access was likely to have happened, although no proof was uncovered to indicate any information had been stolen by the attacker.

The files included a wide variety of highly sensitive information including names, dates of birth, addresses, phone numbers, email address details, Social Security numbers, insurance card data, driver’s license numbers, emergency contact details, ethnicities, medications, medical records, diagnosis records, physician notes, billing and payment transaction, legal documents, and scanned copies of driver’s licenses, insurance cards and Medicare cards.

Coastal Cape Fear Eye Associates and its IT consultants are still investigating the attack and will be adapting additional security processes to avoid future security breaches like this.

About Patrick Kennedy 619 Articles
Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile: https://www.linkedin.com/in/pkkennedy/
LinkedIn