DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Encryption protected Golden Optometric patients’ EHR from CrySiS attack

Posted on December 20, 2017 by Dissent

It’s nice to read a notification where an entity had good defenses in place. Consider this notification from Golden Optometric in California:

Early on the morning of November 6, 2017, the network server at Golden Optometric was infected with a variant of the “CrySiS” ransomware virus, which encrypted a limited number of files on its local drives. We discovered this attack within hours of its occurrence and promptly engaged IT specialists to evaluate the situation. The IT specialists determined that the network intrusion was brief and that there was no evidence that any files had been removed.

Since that time, we have been working diligently to identify and contact those patients with information affected by the incident.

What Information Was Involved?

Based upon our investigation, we determined that the affected files included government reporting documents, excused absence letters to patients’ employers/schools, and letters we send to other health care providers when we refer our patients to other providers for care or treatment. These documents generally included patient names, dates of birth, provider names, dates of service, purpose of the provider visit, blood pressure test results, diagnoses, medical record numbers, and health insurance subscriber identification numbers.

Importantly, the ransomware did not affect any of the electronic health records we maintain and no Social Security number, bank account information, credit card information, financial account information, or drivers’ license number of any patient was impacted. Please note that all of our electronic health records are maintained on secure, encrypted servers.

Ok, so it wasn’t perfect, but what is? Considering what we usually see, this is certainly a cut above the rest, isn’t it?  And they’re not resting on any laurels. Look at their response/follow-up:

We have removed all affected files from our local drive and we now maintain all of our patient- identifiable information on secure, encrypted servers. We have also recovered complete and accurate copies of all affected files through our data back-up systems.

Color me impressed.

 

Related posts:

  • Golden Entertainment notification of malware incident
  • December was one of the busiest months for health data breach disclosures
  • Veterans Administration responds to Freedom of Information request; releases breach reports
  • The Ransomware Superhero of Normal, Illinois
Category: Breach IncidentsCommentaries and AnalysesHackHealth DataMalwareOf NoteU.S.

Post navigation

← Banks Find (Some) Success Suing Over Data Breaches
Pinterest notifies users of suspicious activity →

1 thought on “Encryption protected Golden Optometric patients’ EHR from CrySiS attack”

  1. Anonymous says:
    December 20, 2017 at 4:04 pm

    “Secure” is a relative term. How do they define it?

    The ransonware was executed by a valid, authorized account holder. That account most likely had significant access to their “secure, encrypted servers.”

    That said, ransomware usually doesn’t also exfiltrate data, so the risk data was copied is probably pretty minimal.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.