DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NC: Central Dermatology Center notifies patients after discovering malware had been inserted in their system in 2012

Posted on November 8, 2014 by Dissent

Central Dermatology Center (“Central”) announced on November 7, 2014 that on September 25, 2014 it became aware that one of its servers had been compromised by malicious software (“malware”). Central immediately consulted with forensic IT experts to identify and remove the malware and determine exactly what information on the server may have been accessed. The malware was removed and the server has been disconnected from Central’s system.

The information on the server that may or may not have been accessed included patients’ name, address, phone numbers, date of birth, social security number, billing and diagnostic codes, insurance company, insurance co-payment information, healthcare provider, employer information, sex, treatment date, account balance, email address, and race.

Based on Central’s forensic investigation to date it is believed that patient bank account and payment card information were not compromised and electronic medical records were not on this server as they were encrypted by Central prior to the malware being placed on the server.

“Taking aggressive action early and confronting this issue is consistent with the practice’s core value of behaving in an ethical and transparent fashion,” said Greg Catt, Practice Administrator at Central Dermatology Center & Carolina Medi-Spa. “Central hired a prominent forensics security expert firm and an information technology firm that investigated this incident, reviewed all systems, and Central has improved our security wherever necessary to help protect our community. On behalf of the people of Central Dermatology Center, we sincerely apologize for any inconvenience this may cause.”

As part of our investigation in this matter, we consulted with an IT forensics firm and a separate IT company who specialize in this area. The investigation revealed that malware compromised a password protected Central server on or about August 9, 2012 despite safeguards in place, including software on the server designed to prevent such malware. We contacted, and will continue to work with, local law enforcement, the Federal Bureau of Investigation, North Carolina Attorney General, nationwide consumer reporting agencies, and the U.S. Department of Health and Human Services regarding this matter.

Central is notifying potentially affected patients and patients are being offered free credit monitoring and identity theft protection. Patients are encouraged to take advantage of these services being provided by Equifax. Additionally, Central created a data security incident call center to answer patient questions, including whether your information was included in this incident. That number is (800) 448-6104. The call center hours are Monday-Friday from 11am-7pm Eastern Time.

Moreover, you can remain vigilant by reviewing account statements and you can order a free credit report at www.annualcreditreport.com, or by calling toll-free (877) 322-8228, or by completing the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s website at www.ftc.gov and mail it to Annual Credit Report Services, P.O. Box 105281, Atlanta, GA 30348-5281. Further, you may obtain information from the three major consumer credit reporting agencies, Equifax, (800) 525-6285, Equifax Credit Information Services, Inc., P.O. Box 740241, Atlanta, GA 30374; Experian (888) 397-3742, P.O. Box 4500, Allen, TX 75013 (mailing address for disputes, all other services available at www.experian.com); and TransUnion (800) 680-7289, TransUnion LLC, P.O. Box 2000, Chester, PA 19022-2000.

You can obtain information about preventing identity theft, fraud alerts, and credit freezes from the U.S. Federal Trade Commission and the North Carolina Attorney General’s Office. You can call the U.S. Federal Trade Commission at (877) 382-4357 and the address for the U.S. Federal Trade Commission is 600 Pennsylvania Ave, NW, Washington, DC 20580. You can obtain information from the North Carolina Attorney General’s Office through their website at www.ncdoj.gov, call toll free to (877) 566-7226, or send mail to 9001 Mail Service Center, Raleigh, NC 27699-9001.

Additionally, you should report any identify theft to local law enforcement and the state attorney general of your state of residence.

SOURCE: Central Dermatology Center

Category: Uncategorized

Post navigation

← Breaking up is hard to do
Hotel Website Booking.Com Targeted by Phishing Scammers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.