A ransomware attack on Plastic Surgery Associates of South Dakota may have breached the data of 10,200 patients.

The provider discovered on Feb. 12  that some of its systems were infected with ransomware. Officials said Plastic Surgery Associates immediately began to attempt removing the virus and decrypting the data. It also hired third-party experts.

While the investigation found the hackers were unable to access the majority of Plastic Surgery Associates’ medical data, officials lost access to evidence during the cleanup efforts on April 24. As a result, officials can’t rule out whether the attackers were able to access some patient data.

[Find out what experts at Healthcare Security Forum are talking about in Boston Sept. 11-13. Event schedule.]

The potentially breached information includes names, Social Security numbers, driver licenses or state identification numbers, credit or debit card information, medical conditions, diagnoses, lab results, addresses, dates of birth and health insurance data.

Impacted patients are being notified and Plastic Surgery Associates are providing patients a year of free credit monitoring.

“The confidentiality, privacy, and security of our patient information is one of our highest priorities,” officials said in a statement. “As part of our ongoing commitment to the security of protected health information in our care, we’re working to implement additional safeguards and security measures to enhance the privacy and security of information on our systems.”

[Also: The biggest healthcare breaches of 2017 (so far)]

This case highlights the need for organizations to not only keep a regular backup of all information off the network, but also to routinely test those backups in case of a cyberattack.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn