On August 3rd, 2018, during an internal security audit, it was discovered that a major computer network breach had occurred at the offices of Tillamook Chiropractic Clinic. On May 24, 2016, malware was installed on the primary insurance billing system, which hackers then used as a staging area to collect patient records, including patient full name, any diagnoses, lab results, medications, home address(es), work address(es), phone number(s), driver’s license, date of birth, social security numbers (for Medicare patients only), insurance billing information, bank routing numbers & account numbers, as well as employee payroll data. Copies of 4,058 patient records are believed to have been stolen.
Notably, the breach occurred despite antivirus, anti-malware, and firewall protection, and despite having the latest version of operating systems with all patches installed, as well as technical support.
Remediation and Repair Efforts
The unauthorized access was terminated on August 3rd, 2018, immediately after discovery. Additionally, the computer security systems of Tillamook Chiropractic Clinic have been significantly modernized and upgraded, the policies have been updated, and notifications are being issued to individual patients as well as credit reporting agencies. Tillamook Chiropractic Clinic encourages each of its patients to actively monitor their credit reports and bank accounts for signs of fraud or identity theft.
Steps You Can Take
If you believe an incident of fraud or identity theft has occurred, you can work with credit grantors to close fraudulent accounts, place a freeze on your credit file with each of the three major credit agencies, and report the incident to local law enforcement or the FBI at: www.ic3.gov.
Experian can be reached at: 1 (888) 397-3742 or http://www.experian.com/consumerinformation/cis-contact-business.html
Equifax can be reached at: 1 (800) 727-8495 or https://www.equifax.com/personal/contact-us/
TransUnion can be reached at: 1 (800) 813-5604 or https://www.transunion.com/customersupport/contact-us-consumers
You can also notify the Federal Trade Commission by following the steps outlined at https:// www.identitytheft.gov/ or call 1877-ID-THEFT (438-4338).
If you would like additional resources relating to protecting yourself from identity theft, you can visit Oregon’s Consumer Protection website located at https://www.doj.state.or.us/consumerprotection/id-theft-data-breaches/identity-theft/.
Questions? Tillamook Chiropractic Clinic sincerely apologizes for this incident and regret any inconvenience it may cause you. Should you have additional questions regarding this matter, please contact Verna at (503) 801-3234 or by email at: tillchiro@gmail.com.
If you believe a network security audit might be prudent for your business, please contact Harmonium, LLC at: (503) 207-6400.
How do you have “…antivirus, anti-malware, and firewall protection, and despite having the latest version of operating systems with all patches installed…” and then “…have been significantly modernized and upgraded, the policies have been updated…” on your systems? The former seems like it would preclude the latter.