DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NC: Central Dermatology Center notifies patients after discovering malware had been inserted in their system in 2012

Posted on November 8, 2014 by Dissent

Central Dermatology Center (“Central”) announced on November 7, 2014 that on September 25, 2014 it became aware that one of its servers had been compromised by malicious software (“malware”). Central immediately consulted with forensic IT experts to identify and remove the malware and determine exactly what information on the server may have been accessed. The malware was removed and the server has been disconnected from Central’s system.

The information on the server that may or may not have been accessed included patients’ name, address, phone numbers, date of birth, social security number, billing and diagnostic codes, insurance company, insurance co-payment information, healthcare provider, employer information, sex, treatment date, account balance, email address, and race.

Based on Central’s forensic investigation to date it is believed that patient bank account and payment card information were not compromised and electronic medical records were not on this server as they were encrypted by Central prior to the malware being placed on the server.

“Taking aggressive action early and confronting this issue is consistent with the practice’s core value of behaving in an ethical and transparent fashion,” said Greg Catt, Practice Administrator at Central Dermatology Center & Carolina Medi-Spa. “Central hired a prominent forensics security expert firm and an information technology firm that investigated this incident, reviewed all systems, and Central has improved our security wherever necessary to help protect our community. On behalf of the people of Central Dermatology Center, we sincerely apologize for any inconvenience this may cause.”

As part of our investigation in this matter, we consulted with an IT forensics firm and a separate IT company who specialize in this area. The investigation revealed that malware compromised a password protected Central server on or about August 9, 2012 despite safeguards in place, including software on the server designed to prevent such malware. We contacted, and will continue to work with, local law enforcement, the Federal Bureau of Investigation, North Carolina Attorney General, nationwide consumer reporting agencies, and the U.S. Department of Health and Human Services regarding this matter.

Central is notifying potentially affected patients and patients are being offered free credit monitoring and identity theft protection. Patients are encouraged to take advantage of these services being provided by Equifax. Additionally, Central created a data security incident call center to answer patient questions, including whether your information was included in this incident. That number is (800) 448-6104. The call center hours are Monday-Friday from 11am-7pm Eastern Time.

Moreover, you can remain vigilant by reviewing account statements and you can order a free credit report at www.annualcreditreport.com, or by calling toll-free (877) 322-8228, or by completing the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s website at www.ftc.gov and mail it to Annual Credit Report Services, P.O. Box 105281, Atlanta, GA 30348-5281. Further, you may obtain information from the three major consumer credit reporting agencies, Equifax, (800) 525-6285, Equifax Credit Information Services, Inc., P.O. Box 740241, Atlanta, GA 30374; Experian (888) 397-3742, P.O. Box 4500, Allen, TX 75013 (mailing address for disputes, all other services available at www.experian.com); and TransUnion (800) 680-7289, TransUnion LLC, P.O. Box 2000, Chester, PA 19022-2000.

You can obtain information about preventing identity theft, fraud alerts, and credit freezes from the U.S. Federal Trade Commission and the North Carolina Attorney General’s Office. You can call the U.S. Federal Trade Commission at (877) 382-4357 and the address for the U.S. Federal Trade Commission is 600 Pennsylvania Ave, NW, Washington, DC 20580. You can obtain information from the North Carolina Attorney General’s Office through their website at www.ncdoj.gov, call toll free to (877) 566-7226, or send mail to 9001 Mail Service Center, Raleigh, NC 27699-9001.

Additionally, you should report any identify theft to local law enforcement and the state attorney general of your state of residence.

SOURCE: Central Dermatology Center

Category: Uncategorized

Post navigation

← Breaking up is hard to do
Hotel Website Booking.Com Targeted by Phishing Scammers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.