Arkansas Practice Reports Cyber Incident Impacting 128K Patient Records | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Arkansas Practice Reports Cyber Incident Impacting 128K Patient Records

October 4, 2017
by Heather Landi
| Reprints

The Arkansas Oral and Facial Surgery Center, with clinics in Springdale, Fayetteville and Harrison, posted a notice to patients that its computer network had been impacted by ransomware.

In the notice, posted on the organization’s website, Arkansas Oral and Facial Surgery Center said the incident was discovered July 26, 2017 and organization leaders began an investigation, which revealed that the ransomware had been installed on its systems by an unauthorized individual at some point earlier that morning or the evening before.

“As you may be aware, healthcare organizations and other types of companies across the country have been affected by similar types of ransomware cyber attacks and we believe that the motivation behind this incident was extortion, and not the theft of patient information. We have notified the FBI of this incident,” the organization said in its notification letter.

The incident was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), which posted the incident to the breach portal as a hacking/IT incident that impacted 128,000 individuals.

In its notification letter, the organization stated, “Except for a relatively limited set of patients, our patient information database was not affected by the ransomware, however, imaging files, such as x-rays, and other documents such as attachments were impacted. While our investigation into the matter continues, it does not appear that patient information was stolen from our system.”

However, the organization stated that the ransomware has rendered the imaging files and documents inaccessible. “Based on our present investigation, it also appears that the ransomware rendered all electronic patient data inaccessible pertaining to visits within approximately three weeks prior to the incident. Because we are unable to determine with reasonable certainty whether or not the perpetrator(s) placing the ransomware on our systems accessed patient information, and due to the impact on the availability of images and other files, we are providing you with notification of this incident,” the notification letter stated.

From its investigation to date, the organization it believes information contained in the affected files included attachments and radiographs that might include demographic information such as patient names, addresses, dates of birth, and Social Security numbers and clinical information such as diagnosis, treatment plans or conditions and other information such as health insurance information.

Following the incident, the organization said it has implemented a new record system, and has arranged for credit monitoring protection for its patients, for 12 months at no cost.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Intermountain Healthcare Launches Study to Unlock Genomic Data

Researchers from the Salt Lake City, Utah-based Intermountain Healthcare have announced a long-term prospective study that they think has the potential to help physicians and others unlock genomic data.

UNC Health Care Receives HIMSS Analytics Stage 7 Designation

UNC Health Care, an integrated health care system based in Chapel Hill, N.C., has achieved Stage 7 designation on the HIMSS Analytics’ Electronic Medical Record Adoption Model (EMRAM).

FDA Announces Plan to Advance Medical Device Safety and Cybersecurity

The Food and Drug Administration (FDA) has announced new proposals aimed at advancing medical device cybersecurity, including placing new responsibilities on manufacturers, both before and after their devices hit the market.

Black Book: 9 in 10 Small Practices Not Optimizing Advanced EHR Functionalities

Eighty-eight percent of small practices of six or less practitioners still aren't optimizing advanced EHR (electronic health record) tools such as patient engagement, secure messaging, decision support and electronic data sharing, according to the latest Black Book survey

Penn., N.J. Health Systems Form Clinical Research Consortium

Six health systems in New Jersey and Pennsylvania have announced the founding of a nonprofit clinical research consortium – Partners in Innovation, Education, and Research (PIER Consortium) to streamline clinical trials.

Report: Global Digital Health VC Funding Hits Record $2.5B in Q1 2018

Venture capital funding into digital health companies in the first quarter of 2018 surged to a record $2.5 billion raised in 187 deals from $1.7 billion in 192 deals in the fourth quarter of 2017, according to a report from Mercom Capital Group