EyeCare of Bartlesville in Oklahoma reported a breach to HHS on March 13 that appeared on HHS’s public breach tool on March 19.
There was no notice on their web site that I could find at that time. Nor could I locate any public notices via a Google search. The incident was coded on HHS’s breach tool as a “hacking/IT incident” involving data located on “desktop computer/network server.” It reportedly impacted 4,000 patients.
Today, I re-searched and was able to find an explanation posted on the home page of the practice’s web site:
On February 20, 2015 the computer housing our patient database was compromised by an outside malware virus. To the best of our knowledge and the knowledge of our computer expert handling the situation, we do not believe any information was taken from the computer. The computer hard drive has been locked and is no longer accessible. Unfortunately, we cannot with 100% certainty guarantee that no information was taken. We felt it our duty to notify our patients of the potential security breach.
While the risk to your private information is minimal we do recommend closely reviewing your account statements and monitoring your free credit reports. You may contact us with questions by phone: 918-336-0608, fax: 918-337-9163 or mail: 311 SE Delaware Ave, Bartlesville, OK 74003.
Sincerely,
Leslie Faulkner, O.D
They do not report any ransom demand to unlock the drive. Nor do they state whether they had backups of all medical records that were on the drive, or what types of information were on it. Hopefully, the notification letter to patients contained more detail than the web site notice.