A ransomware attack on Fayetteville-based Arkansas Oral Facial Surgery Center has potentially breached the data of 128,000 of its patients.

An investigation found the cyberattack occurred between July 25 and 26, and while quickly detected, the virus encrypted x-ray images, files and documents. Fortunately, the patient database was not encrypted.

However, hackers managed to infect the data of a small number of patients who visited the provider within three weeks prior to the incident.

[Also: The biggest healthcare breaches of 2017 (so far)]

The cyberattack is still under investigation, but Arkansas Oral Facial Surgery Center officials said they believe the attack was purely meant for extortion purposes. But officials have not been able to rule out data access or theft with certainty.

The potentially accessed files contained names, Social Security numbers, addresses, dates of birth, insurance information, diagnoses, treatments and other medical data. The virus also shut the organization out of medical images, details of patient visits and files.

[Also: Myth busted: You can't sweep ransomware attacks under the rug]

It’s unknown whether all of the 128,000 patients affected by the incident were current patients.

All impacted patients are being offered a year of free credit monitoring, and officials are warning patients to look out for phishing attacks that may stem from the ransomware attack. Further, the organization would never ask patients to provide personal details over the phone or by email.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com