Ransomware Infects Records at Plastic Surgery and Skin Clinics

2019, Breaches, March

Who: Maffi Clinics

When: 15 Mar 2019

# of records involved:10,500 Patient Records

What happened: Maffi Clinics, Arizona, have revealed that a ransomware attack on their servers compromised the files of nearly 10,500 patients.

How did it happen: Maffi Clinics, a network of 5 plastic surgery and skin care clinics, detected the ransomware attack on September 11, 2018. IT security staff quickly responded to the attack, therefore limiting the hacker’s access to sensitive data. In total, the hacker only had access to Maffi Clinics’ systems for 5 hours.

Outcome: Maffi Clinics contracted an independent IT security firm to remove the ransomware from their servers. The IT workers were able to recover patient data files from Maffi Clinics’ backups, and no data was lost. Maffi Clinic and the IT security firm launched an investigation into the breach to assess its cause and scope. The investigators did not find evidence that the hacker had accessed or downloaded any of the patient data. Maffi Clinics has taken steps to improve security, and additional safeguards have now been implemented to prevent further ransomware and malware attacks.