KPLC-TV reports that Center for Neurosurgical and Spinal Disorders announced a breach that occurred in July.
From the center’s news release:
Lake Charles, LA – On the morning of July 21, 2016, we detected an unauthorized intruder in one of our computers. Access to this computer was immediately shut down; subsequently, CNSD’s servers and network were taken offline. CNSD’s IT professional, who after performing an investigation, determined that a hacker had gained remote access to the office manager’s computer and installed both a program which recorded the user’s keystrokes, and a program that periodically took screen shots of what was being displayed on the computer. A subsequent investigation revealed that screen shots of 823 CNSD’s patients (along with 311 patients of another practice for whom CNSD bills) were taken between the dates of 7/7/16-7/18/16. It is unclear whether any of this information was downloaded. The Federal Bureau of Investigation (FBI) is actively performing a forensic investigation of what appears to be a foreign cyberattack based upon the Cyrillic script language used by the hacker. The screen shots revealed that some patients only had their name displayed, while the screen shots of other patients reflected more detailed information including name, address, phone number, social security number, medical chart information, and billing information.
Read more of their notification on KPLCTV. And kudos to the CNSD on a good breach notification and incident response.