DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Encryption protected Golden Optometric patients’ EHR from CrySiS attack

Posted on December 20, 2017 by Dissent

It’s nice to read a notification where an entity had good defenses in place. Consider this notification from Golden Optometric in California:

Early on the morning of November 6, 2017, the network server at Golden Optometric was infected with a variant of the “CrySiS” ransomware virus, which encrypted a limited number of files on its local drives. We discovered this attack within hours of its occurrence and promptly engaged IT specialists to evaluate the situation. The IT specialists determined that the network intrusion was brief and that there was no evidence that any files had been removed.

Since that time, we have been working diligently to identify and contact those patients with information affected by the incident.

What Information Was Involved?

Based upon our investigation, we determined that the affected files included government reporting documents, excused absence letters to patients’ employers/schools, and letters we send to other health care providers when we refer our patients to other providers for care or treatment. These documents generally included patient names, dates of birth, provider names, dates of service, purpose of the provider visit, blood pressure test results, diagnoses, medical record numbers, and health insurance subscriber identification numbers.

Importantly, the ransomware did not affect any of the electronic health records we maintain and no Social Security number, bank account information, credit card information, financial account information, or drivers’ license number of any patient was impacted. Please note that all of our electronic health records are maintained on secure, encrypted servers.

Ok, so it wasn’t perfect, but what is? Considering what we usually see, this is certainly a cut above the rest, isn’t it?  And they’re not resting on any laurels. Look at their response/follow-up:

We have removed all affected files from our local drive and we now maintain all of our patient- identifiable information on secure, encrypted servers. We have also recovered complete and accurate copies of all affected files through our data back-up systems.

Color me impressed.

 

Category: Breach IncidentsCommentaries and AnalysesHackHealth DataMalwareOf NoteU.S.

Post navigation

← Banks Find (Some) Success Suing Over Data Breaches
Pinterest notifies users of suspicious activity →

1 thought on “Encryption protected Golden Optometric patients’ EHR from CrySiS attack”

  1. Anonymous says:
    December 20, 2017 at 4:04 pm

    “Secure” is a relative term. How do they define it?

    The ransonware was executed by a valid, authorized account holder. That account most likely had significant access to their “secure, encrypted servers.”

    That said, ransomware usually doesn’t also exfiltrate data, so the risk data was copied is probably pretty minimal.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.