Arkansas Practice Reports Cyber Incident Impacting 128K Patient Records | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Arkansas Practice Reports Cyber Incident Impacting 128K Patient Records

October 4, 2017
by Heather Landi
| Reprints

The Arkansas Oral and Facial Surgery Center, with clinics in Springdale, Fayetteville and Harrison, posted a notice to patients that its computer network had been impacted by ransomware.

In the notice, posted on the organization’s website, Arkansas Oral and Facial Surgery Center said the incident was discovered July 26, 2017 and organization leaders began an investigation, which revealed that the ransomware had been installed on its systems by an unauthorized individual at some point earlier that morning or the evening before.

“As you may be aware, healthcare organizations and other types of companies across the country have been affected by similar types of ransomware cyber attacks and we believe that the motivation behind this incident was extortion, and not the theft of patient information. We have notified the FBI of this incident,” the organization said in its notification letter.

The incident was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), which posted the incident to the breach portal as a hacking/IT incident that impacted 128,000 individuals.

In its notification letter, the organization stated, “Except for a relatively limited set of patients, our patient information database was not affected by the ransomware, however, imaging files, such as x-rays, and other documents such as attachments were impacted. While our investigation into the matter continues, it does not appear that patient information was stolen from our system.”

However, the organization stated that the ransomware has rendered the imaging files and documents inaccessible. “Based on our present investigation, it also appears that the ransomware rendered all electronic patient data inaccessible pertaining to visits within approximately three weeks prior to the incident. Because we are unable to determine with reasonable certainty whether or not the perpetrator(s) placing the ransomware on our systems accessed patient information, and due to the impact on the availability of images and other files, we are providing you with notification of this incident,” the notification letter stated.

From its investigation to date, the organization it believes information contained in the affected files included attachments and radiographs that might include demographic information such as patient names, addresses, dates of birth, and Social Security numbers and clinical information such as diagnosis, treatment plans or conditions and other information such as health insurance information.

Following the incident, the organization said it has implemented a new record system, and has arranged for credit monitoring protection for its patients, for 12 months at no cost.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Ohio Man Charged for Allegedly Defrauding Cleveland Clinic out of $2.8M

A man in Westlake, Ohio has been indicted in federal court for his role in a conspiracy to defraud the Cleveland Clinic out of at least $2.8 million.

Survey: Most Providers Say Interoperability by 2020 Not Attainable with Current Federal Policies

The majority of healthcare providers (71 percent) believe that current federal polices, committees and regulations are not sufficient to help the country attain meaningful health IT interoperability by 2020.

House Committee Presses Nuance Executives on NotPetya Attack

he U.S. House Energy and Commerce Committee is requesting that Nuance Communications executives provide more information about the malware incident, called NotPetya, that impacted the company, along with multinational companies in 65 countries, back in June.

Regenstrief Researchers to Study Impact of HIE on Emergency Care

Scientists at the Indianapolis-based Regenstrief Institute are conducting what they say is the first study of health information exchange (HIE) use over multiple years to evaluate whether it improves patient outcomes in emergency departments.

Report: Healthcare Organizations Struggle with Human Error in Securing PHI

In the first nine months of 2017, unintended disclosure accounted for 41 percent of healthcare data breach incidents, according to a report from specialist insurer Beazley.

Three More Providers Receive 2017 HIMSS Davies Awards

Three patient care organizations have received the 2017 global Healthcare Information and Management Systems Society (HIMSS) Enterprise Nicholas E. Davies Award of Excellence for healthcare technology innovations that improve patient outcomes.