111,000 Patients Impacted in Imperial Health Ransomware Attack

by | Aug 3, 2019

A physicians’ network for patients based in Southwest Louisiana called Imperial Health is contacting over 111,000 patients to make them aware that a portion of their protected health information has potentially been illegally obtained as part of a ransomware attack.

An unauthorized party was able to install ransomware onto the network of physicians, which encrypted files and a database. The database in question was configured to be used by the Imperial Health’s Center for Orthopaedics (CFO). The ransomware attack was initially detected on May 19, 2019.

The physicians’ database contained the protected health information of 116,262 patients. While there has been no evidence of data access or data theft identified during the official investigation in the HIPAA breach, it was not possible to eliminate the possibility of a breach of PHI taking place. Due to this, the decision was therefore taken to issue notifications to impacted patients to allow them to take step to mitigate any damage that they could suffer.

The information held on the database was linked to patients who had previously been in receipt of medical services at CFO. The information impacted was different from patient to patient and may have included name, address, telephone number, birth date, Social Security number, medical record number, diagnoses, treatment information, medications, dates of service, treating physician, and other clinical related details.

The network made the incident known to the relevant law enforcement and is also is helping out with the investigation. Imperial Health has managed to delete the the ransomware from its network. In addition to this, thankfully, the impacted data was successfully restored for full use. New anti-virus software has now been deployed to which is in a better position to deal with the threat posed by malware and ransomware in the future.

A representative for Imperial released a statement that said no ransom was paid and that the notices were sent out of an abundance of caution because. However, it went on to say, the network does not believe any patient information was taken.

The letter sent to patients advised that patients impacted should take the following steps to safeguard themselves from potential harm from the incident:

  1. Register a fraud alert with the three credit bureaus Experian (888) 397-3742, TransUnion: (800) 680-7289 and Equifax: (800)525-6285; www.equifax.com
  2. Review all credit card statements, EOBs and credit bureau reports carefully.
  3. If you suspect identity theft, contact the Federal Trade Commission at 877-ID-THEFT (877-438-4338) and the Louisiana Attorney General’s Officeat 800-351-4889.

 

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy