DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

KS: When your incident response creates a second problem….

Posted on August 24, 2017 by Dissent

On August 16, Salina Family Healthcare posted a substitute notice about a ransomware incident:

Salina, Kansas – August 16, 2017 – Salina Family Healthcare Center (“SFHC”) has become aware of a data security incident that may have resulted in the disclosure of personal and protected health information of our patients and payment guarantors. Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have taken steps to notify our patients and payment guarantors and provide resources to assist them.

On June 18, 2017, we were the target of a ransomware attack that encrypted some of our computer workstations and network servers. We immediately initiated a comprehensive response to secure our systems and investigate the incident. In order to avoid interruption in continuing to see patients, we immediately restored our computers and servers from a recent backup. We also engaged independent computer forensics experts to determine how the incident occurred and if information had been accessed by an unauthorized third party.

Although the investigation did not identify any evidence of access to individual information, we could not rule out the possibility that individual personal information, including names, addresses, Social Security numbers, dates of birth, health insurance information, and medical treatment information is at risk. No financial transaction or payment information was involved in this incident. To date, we are not aware of the misuse of anyone’s information as a result of this incident.

We take the security of all information in our systems very seriously, and want to assure you that we have taken steps to prevent a similar event from occurring in the future. This includes scanning our network for viruses, upgrading servers to improve network security, limiting Internet access to minimize risk of exposure, providing additional network security training to IT staff, and additional training on malware threats to all employees.

We mailed a letter to individuals potentially impacted by this event which includes steps they can take to monitor and protect their personal information. We have established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 8:00 a.m. to 8:00 p.m., Central Time and can be reached at 1-855-742-6212. In addition, out of an abundance of caution, we are offering credit monitoring and identity theft resolution services through AllClear ID to potentially impacted individuals at no cost.

We sincerely regret any concern or inconvenience that this matter may cause you, and remain dedicated to protecting your information.

[…]

The number of patients being notified was not revealed and the incident has yet to appear on HHS’s public breach tool.

But Salina seems to have encountered a problem with their notifications/incident response, because I found an update to their breach notification that says:

Update – August 21, 2017 – If you received a letter that was incorrectly addressed from Salina Family Healthcare Center regarding our data security incident, please mark it “Return to Sender” and return it to your mailperson or post office. We will review any returned letters and ensure that they are revised and delivered to the correct address.

Related posts:

  • The Ransomware Superhero of Normal, Illinois
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • Health Data Breaches in 2017: The Year in Review
Category: ExposureHealth DataMalwareU.S.

Post navigation

← Could hackers be behind the U.S. Navy collisions?
Insurer’s mailing to customers made HIV status visible through envelope window →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.