On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below).
The New York firm is a business associate that provides a variety of health management services, including billing services, to covered entities.
Practice Resources’ notification to HHS was on behalf of the following 28 entities:
• Achieve Physical Therapy, PC
• CNY Obstetrics and Gynecology, P.C.
• Community Memorial Hospital, Inc
• Crouse Health Hospital, Inc
• Crouse Medical Practice PLLC
• Family Care Medical Group, PC
• Fitness Forum Physical Therapy, PC
• FLH Medical PC
• Greece Dermatological Associates, PC
• Guidone Physical Therapy, PC
• Hamilton Orthopedic Surgery & Sports Medicine
• Helendale Dermatological and Medical Spa, PLLC
• Kudos Medical, PLLC
• Laboratory Alliance of Central New York, LLC
• Liverpool Physical Therapy, PC
• Michael J Paciorek, MD PC
• Nephrology Associates of Watertown, PC
• Nephrology Hypertension Associates of CNY, PC
• Orthopedics East, PC
• Salvation Army
• Soldiers & Sailors Memorial Hospital—Physician Practices
• St. Joseph’s Medical
• Surgical Care West, PLLC
• Syracuse Endoscopy Associates, LLC
• Syracuse Gastroenterological Associates, PC
• Syracuse Pediatrics
• Tully Physical Therapy
• Upstate Community Medical, PC
The template for their notification can be found on the California Attorney General’s site, here.
The firm’s notification does not indicate what group attacked them or whether their system was encrypted as part of the attack. So far, DataBreaches has not seen any mention of them on any dedicated leak site.