DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Plastic Surgery Associates of South Dakota notifies 10,200 after ransomware attack

Posted on July 28, 2017 by Dissent

From their web site, the practice’s notification. Note that some of the crucial data that might have enabled them to justify no need for notifications was lost/corrupted during the clean-up from the ransomware. Based on reports I’ve read over the past year, losing data during clean-up is not that rare, which should serve as a powerful incentive to ensure you have regular backups and you test those backups to make sure they work before you need them! 

Plastic Surgery Associates Patients,

Plastic Surgery Associates of South Dakota (“Plastic Surgery Associates”) is writing to inform you of an incident that may affect the security of your protected health information. While Plastic Surgery Associates is unaware of any actual or attempted misuse of your information, this notice contains details about the incident and our response, as well as steps you can take to protect your information, should you feel it appropriate to do so.

What Happened?  On February 12, 2017, Plastic Surgery Associates discovered that some of our systems were infected with ransomware earlier that day.  Plastic Surgery Associates immediately began efforts to remove the ransomware, decrypt the affected systems and hired third-party experts to determine what data, if any, was subject to unauthorized access as part of the ransomware incident.  While the investigation was able to rule out unauthorized access to the majority of our medical records, certain evidence became unavailable during our clean-up efforts.  On or about April 24, 2017, we determined that without this evidence, we were unable to rule out unauthorized access to a limited number of patient records.   Therefore, in an abundance of caution we are providing this notice.

What Information Was Involved?  We currently have no evidence of any actual or attempted misuse of your information as a result of this incident.  However, the files that may have been subject to unauthorized access contained information about you that may have included some combination of your name, Social Security number, driver’s license number/state identification number, credit card/debit card information, medical conditions, diagnosis information, lab results, address, date of birth and health insurance information.

What We Are Doing.  The confidentiality, privacy, and security of our patient information is one of our highest priorities.  We have stringent security measures in place to protect the security of information in our possession.  In addition, as part of our ongoing commitment to the security of protected health information in our care, we are working to implement additional safeguards and security measures to enhance the privacy and security of information on our systems.  We are also reporting this incident to the U.S. Department of Health and Human Services (HHS).

Securing your personal information is important to us.  As a precautionary measure to help better protect the credit file of those who may be affected from potential misuse, we have partnered with Equifax ® to provide its Credit Watch TMSilver credit monitoring and identity theft protection product for one year at no charge to those who are affected.  You can find out of if you are affected and how to enroll in this by calling our dedicated assistance line at the number below.

What You Can Do. You can review the enclosed Steps You Can Take to Protect Your Information for information you can use to better protect against the misuse of your information, should you feel it appropriate to do so.

For More Information.  We understand that you may have questions about this incident that are not addressed in this notice. If you have additional questions, please call our dedicated assistance line at 800-954-9263 (toll free), Monday through Friday, 8:00 a.m. to 8:00 p.m. CT.

We sincerely regret any inconvenience or concern this incident has caused you.

Sincerely,

 

Jodi Pierret

Clinical Manager

Source: Plastic Surgery Associates of South Dakota

The Argus Leader reports that approximately 10,200 patients are being notified.

Related posts:

  • Another plastic surgery practice appears to have been hit — this time by Hunters International (5)
  • HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
  • Two California plastic surgery practices suffer cyberattacks and embarrassing patient data leaks
  • Sierra Plastic Surgery notifies patients of privacy and data security breach that occurred in 2011
Category: Health DataMalwareU.S.

Post navigation

← Health data breaches in 2017: The terrible, horrible, no good, very bad year? Join us for webinar!
Ola employee accused of data theft from Aadhaar website →

2 thoughts on “Plastic Surgery Associates of South Dakota notifies 10,200 after ransomware attack”

  1. Terrey says:
    July 30, 2017 at 12:34 pm

    I often wonder how these offices can lose quite so many patient records. They say most of their records were fine, but a “limited number” may have been compromised, so they had to notify those people. That “limited number” is 10,200 people!

    A quick Google search shows their practice has two doctors and a PA. Is it normal for a healthcare office of that size to have tens of thousands of records?

    1. Dissent says:
      July 30, 2017 at 7:01 pm

      They don’t say how many years’ worth of data they had on the system. If they didn’t move data offline or to other storage, they could have years’ worth on there. I’m no longer surprised when I contact patients about breaches to hear, “Yes, I was a patient there, but not for years!” but as I said, we don’t have any information about this particular case.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.