Mason Doktor reports that Jones Eye Clinic and CJ Elmwood Partners, L.P., an affiliated surgery center, experienced a ransomware attack on the evening of August 22. The attack affected 40,000 patients seen between Jan. 1, 2003 and Aug. 23.
The providers were able to restore from backup and did not pay any ransom. Their full notice appears below. Of note, electronic medical records were not involved, and although some types of data might have been viewed or accessed, the providers have no evidence that that happened. Despite the lack of clear evidence of access or viewing, they are offering patients complimentary credit monitoring services for one year.
Substitutenoticeweb102218