Dr. Office Patient Information Held For Ransom after Cyber Breach Incident
Who: Ronald Snyder, M.D.
# of Accounts Breached: 24,000
What was affected: Medical billing information, which may include: name, address, date of birth, gender, co-pay amount, patient status, employment status, telephone number, email address, and certain patients’ insurance identification number, which may be a Social Security number.
When it happened: January 9, 2019
How it happened: On January 9, 2019, Dr. Snyder’s staff became aware that electronic information stored on his office’s computer server had been encrypted as the result of a “ransomware” cyber-attack by an unknown actor. Because the server that was encrypted stored patient billing information, Dr. Snyder’s immediate goals were to (1) ensure his office could still access patient information that had been encrypted so that his office could continue to care for patients without disruption; and (2) investigate what happened and confirm as quickly as possible if this incident resulted in any unauthorized access to, or theft of, patient information by the unknown actor.
Outcome: Because the office regularly creates backup copies of patient information, Dr.Snyder was able to quickly gain access to almost all patient information that had been encrypted and easily restored information that was not accessible. He also immediately began working with outside cybersecurity and computer forensics experts to determine whether any patient information was subject to unauthorized access. Since Dr. Snyder learned about this issue on January 9, 2019, he has taken every necessary step to investigate this incident and the impact it may have on patient information, which included working with multiple industry-leading experts to recover the important information that was encrypted on the computer server. Unfortunately, after many efforts and attempts, Dr. Snyder learned on April 2, 2019, that he would be unable to determine whether this incident resulted in unauthorized access to patient information, due to the damage done to the computer server and the information stored on it. Although Dr. Snyder has no indication that any patient information was specifically targeted, viewed, or stolen by an unauthorized actor in relation to this incident, he is notifying potentially affected individuals about this incident in an abundance of caution due to the uncertain nature of the incident.