On November 7, West Oaks Eyecare in Texas discovered one of their computer systems had been encrypted by malware. Their investigation into the incident indicated that the threat actor(s) may have accessed patient billing information:
We thoroughly reviewed the files involved to determine what information they contained. Based on our review, we identified files that contained certain patients’ names, and one or more of the following: address, date of birth, email address, phone number, patient ID number, Social Security number, optical scan images, exam results, insurance information, and/or billing information (such as date(s) of service, codes about diagnosis/treatment received, amount billed).
The incident was reported to the Texas Attorney General’s Office as impacting 1,045 Texans, but no total number has been disclosed yet, and the incident does not yet appear on HHS’s public breach tool.
DataBreaches has sent an inquiry to the provider asking whether any ransom demand was actually received, and whether they would indicate what type of malware or ransomware was involved, but no reply was immediately available.