DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MA: Medical billing service notifies patients of ransomware incident

Posted on April 24, 2019 by Dissent

Massachusetts-headquartered Doctors’ Management Service, Inc. provides medical billing services to physicians and hospitals. You may never have heard of them, but your hospital or physician might have provided them with your protected health information if your doctor or hospital contracts with them.

This week, DMS sent notice of what they strangely describe as a “recent incident” that impacted their computer system. The incident, which may have exposed patients’  name, address, date of birth, Social Security number, driver’s license number, insurance and Medicare/Medicaid information and numbers, and medical information, including some sensitive diagnostic information, was first detected On December 24, 2018, when they noticed a problem with their network.

An investigation into the problems revealed that encryption malware was affecting the server.   Further investigation revealed that it was the GandCrab ransomware. The initial unauthorized access to the network took place on April 1, 2017 through Remote Desktop Protocol (RDP) on a DMS workstation.

DMS did not pay the ransom and was able to restore from backup.

But attackers had access to the network beginning on April 1, 2017 and the ransomware was first detected some time after December 14, 2018?  I wouldn’t call that a “recent incident.”

DMS’s notification, signed by their CEO, Timothy DiBona, emphasizes that the investigation did not uncover any evidence of unauthorized access to, use of, or exfiltration of any patient data.

This incident, which DMS is reporting to HHS, affected patients from a number of their provider-clients.  The following is a list of affected entities:

Anjum Baqai Associates
Arcangel Neurological Consultants
AT Care PLLC
AUM Healing Center
Bell Mental Health Associates
Beverly Surgical Associates
Bhealthy Primary Care
First Choice Community Medical Services
Holy Family Medical Specialty
Lowell General Inpatient Specialists
NE Pulmonary & Sleep
New England Inpatient Specialists
New England Pulmonary & Sleep Specialists
Today’s Wellness PLLC
Incare LLC
Pricipes Medical Group
Joseph Schwartz PLLC
Neuro Institutue of New England
New England Reconstructive & Aesthetic
Northwoods Surgical, PLLC
Pathways Healthcare LLC
Peaceful Soul
Personalized Medicine
Pinnacle Medical Group
Post Acute Cardiology
Precision Surgical Specialists of Lowell
Premiere Care
Saxony Primary Care PLLC
Sports Medicine Health LLC
Surgical Group of Norwood
The Wholeness Center
Theresa M Smith Practice
Thompson Medical Associates
WLB Rehabilitation Medicine
Heywood Athol Inpatient Specialists PLLC
Winchester Hospital Inpatient Specialists
Dutch Connection LLC
New England Community Medical Services

The notification, does not indicate how many patients are being notified, but describes steps DMS is taking to strengthen its security to prevent a recurrence.

You can read the full notification below.

CON-MT-Notice-of-Data-Security-Incident-for-DMS

Related posts:

  • Was a recent OCR settlement fair? Maybe, but maybe not.
  • Connexin Software notifies parents of 2.2 million pediatric patients of hack
  • Aretis Health LLC notifies patients of 50 entities about MOVEit breach
  • TX: Unable to determine what was accessed in cyberattack, McAllen Surgical Specialty Center, Ltd. is notifying patients as well as employees
Category: Health DataMalwareOf NoteU.S.

Post navigation

← Marcus Hutchins’ plea leaves unsettled whether writing certain types of code is illegal – Ekeland
38 patient records viewed ‘inappropriately’ by St. Boniface Hospital employee →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.