Melissa Selke, MD, PC, a Family Medicine practice in New Jersey, issued a statement on December 2 concerning a hacking/ransomware incident. From the statement (.doc):
On October 6, 2016, Dr. Selke discovered her information system had been infected with a virus that prohibited access to patient files. The integrity of the information system was immediately restored and an investigation was launched with the assistance of a forensic expert, to determine the capabilities of the virus and how it was introduced to the system. As part of the extensive investigation, on November 18, 2016, it was determined that this virus was introduced by an unknown third party that had access to a server on Dr. Selke’ information system.
Information Affected
While the investigation is ongoing, and there is no evidence the unknown third party viewed or took patient information stored on the server, it has been confirmed that this server housed files and a software application containing information which may include patients’ names, addresses, phone numbers, Social Security numbers, treatment and diagnosis information, driver’s license information, health insurance information, treating physician information, medical record number, and treatment date(s).
Notification
Dr. Selke is mailing letters to impacted patients. Dr. Selke is also informing the U.S. Department of Health and Human Services, and state regulators about this incident.
[…]
The incident was reported to HHS on December 5 as impacting 4,277 patients.