May 15, 2024 at 05:21PM
Hypertension-Nephrology Associates, P.C. discovered an extortion attack involving unauthorized access to sensitive patient information, including protected health information (PHI). The scope of the breach remains unclear, so the Practice is treating all PHI as potentially compromised. They are taking various measures to address the situation, including notifying potentially impacted individuals and offering complimentary credit monitoring. For more information, individuals can call 1-888-973-9859.
Meeting Notes Takeaways:
– On or around February 6, 2024, Hypertension-Nephrology Associates, P.C. discovered an extortion note on its computer system, prompting immediate action, including engaging cybersecurity experts and an investigation.
– Cybercriminals accessed the Practice’s systems and exfiltrated data containing potentially compromised protected health information (PHI) of both current and former patients between January 20, 2024, and February 6, 2024.
– The full extent of the accessed and exfiltrated PHI data was unable to be determined, leading the Practice to treat all PHI as potentially compromised. Potentially compromised PHI includes name, date of birth, diagnosis, treatment information, Social Security number, and health insurance identification number.
– The Practice has no indication of any misuse of the potentially compromised PHI data to date.
– Security measures are being continually implemented to safeguard the information in the Practice’s care, in addition to engaging cybersecurity experts and outside HIPAA counsel.
– The Practice is in the process of mailing notification letters to potentially impacted individuals, providing a call center for inquiries, and offering complimentary credit monitoring.
– For further inquiries about the incident, individuals can call 1-888-973-9859 between 9:00 a.m. and 9:00 p.m. Eastern Time, Monday through Friday.
Please let me know if there is any additional information or if there are any specific action items to be highlighted.