Ransomware Attack Affects 16,000 Mind & Motion Patients

by | Dec 24, 2018

Following the installation of ransomware and malware on a server belonging to Mind & Motion Developmental Centers of Georgia, it has been revealed that the group responsible which may have been able to access to 16,000 patients protected health information.

The ransomware was installed and implemented on a server housing Mind & Motion medical records. The range of data that was possibly compromised includes names, addresses, birth dates, patients’ gender, medical histories, medical diagnoses, health insurance data and Social Security details. Medical records may also have been compromised due to the attack.

Mind & Motion noticed the ransomware attack on September 30, 2018. An IT vendor, TeamLogic IT, was hired to review the breach, deduce how the attack occurred and help rescue data that had been made inaccessible by the ransomware.

Along with the ransomware infection, TeamLogic IT discovered an disabled keylogger and a spam emailer on the server. All malware was completely erased and associated accounts were deleted. TeamLogic IT did not find any proof to suggest any of the installed malware had been used to view patient financial information or its scheduling and electronic billing databases.

Since the attack was found, Mind & Motion has not been contacted with reports from patients to suggest that any of their PHI has been stolen and improperly used. The attack is thought to have been carried out with the aim of extorting money from Mind & Motion. Thus, it is felt that patients are not like to suffer any negative effects from the attack.

Following guidance from a third party IT vendor, Mind & Motion has reset all passwords and put in place controls to ensure complex passwords are established on all accounts going forward. A policy has also been brought in to force users to change passwords more often. Computers and servers have professional anti-malware solutions included and will be constantly scanned. Mind & Motion has also applied encryption on all its computers and the latest anti-spam technology has been enabled to safeguard against phishing attacks.

Soon after the breach was found, Mind and Motion contracted a compliance consulting firm to make sure that all obligations of HIPAA were met. The consulting firm will be providing additional HIPAA compliance training to all staff within 30 days.

A breach report was filed with the Department of Health and Human Services’ Office for Civil Rights (OCR) on November 30, 2018 and all impacted patients have been alerted regarding the breach by mail. The OCR breach report states that almost 16,000 patient records were possibly impacted.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy