Home GDPR #Privacy: US health centre issues notice of cyber-security incident
GDPR - October 14, 2019

#Privacy: US health centre issues notice of cyber-security incident

Monterey Health Centre, situated in Oregon, USA, today announced a recent event that may have impacted the privacy of personal information relating to certain current and former patients.

While the health centre says it is unaware of any attempted or actual misuse of personal information in relation to the event, it is providing potentially affected individuals with notice of the event, their response to it, and steps individuals may take to better protect against the possibility of identity theft and fraud, should they feel it is necessary to do so.

On August 12, 2019, Monterey Health Centre (MHC) became aware that its electronic medical records system became encrypted due to “ransomware” deployed by an unknown actor.

According to MHC, officials worked quickly to restore access to the patient information so they could continue to care for patients without disruption and investigate what happened. Experts also looked into whether the incident resulted in any unauthorised access to, or theft of, patient information by the unknown actor.

Working with a third-party vendor, MHC was able to successfully restore the data contained on the impacted server. The forensic investigator also confirmed there was no exfiltration of data.

Unfortunately, after an extensive investigation, officials were unable to determine whether the incident resulted in unauthorised access to patient information. Although the centre has no indication that any patient information was viewed or stolen by an unauthorised actor, it is notifying potentially affected individuals about the incident.

The types of information stored on the impacted server includes: name, address, driver’s license, financial account information, social security number, date of birth, medical history, diagnosis/conditions, lab/test results, treatment information, medications, health insurance information, and/or claims information.

The organisation is now notifying potentially affected individuals by this posting, notice on its website, and by mailing letters to potentially affected individuals. Monterey Health Centre has underline how it is taking the incident very seriously, and that it takes every measure possible to extend the fullest protections to the data in the centre’s care.

The organisation says it has updated its processes to further strengthen systems to protect personal information, and that it will continue to work with third-party experts to help ensure the highest levels of security.

The post #Privacy: US health centre issues notice of cyber-security incident appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Security awareness training: A business-critical function for the logistics and transportation industries

Maintaining security awareness is something that many companies struggle to maintain, part…