Bobby Yee, D.P.M notified 24,000 patients after ransomware attack

Posted on by Dissent

A somewhat confusing press release of December 20:

The Podiatric Offices of Bobby Yee announced today that it was subject to a data incident, which may have potentially exposed some information of clients and individuals. 

What Happened?

On Monday, October 29th, 2018, the Podiatric Offices of Bobby Yee was the victim of a ransomware attack which resulted in the unauthorized alteration and potential corruption of their medical files, including patient personal information. Importantly, there is no evidence suggesting that personal or medical information was viewed or exfiltrated.   


What Information Was Involved?
The altered information may have included first name, last name, address, telephone number, age, gender, date of birth, Social Security number, health insurance policy number, and patient medical records.

 
What Are We Doing.
Once we became aware, we promptly took steps to protect your personal information and to determine the nature and scope of the issue. If there is indeed any alteration or corruption of your personal information, we may need to reconfirm or reconstruct the information, including your medical information.   

[…]

For More Information.
If you have any questions or need additional information, please call toll free number 877-845-8111 Monday through Friday, from 6:00 A.M. to 6 P.M. PST. You may also write the Podiatric Offices of Bobby Yee at 880 Cass St., # 201, Monterey, California 93940.


We regret any concern or inconvenience this matter may have caused you and appreciate your patience and understanding.


SOURCE The Podiatric Offices of Bobby Yee

I’m not sure I understood that notification. At a few points, it sounds like they are saying that the files were altered. At another place, it sounds like they are saying potential alteration. Which is it? Have files been altered or were some files corrupted/made unreadable by the ransomware? I have emailed Dr. Yee to request clarification and will update this post when I get a reply. One of the questions I asked was whether they had a complete backup that they could restore from if files were corrupted.

Category: Health DataMalwareU.S.