It’s gotten that there are so many ransomware incidents in the healthcare sector, that even tens of thousands of affected patients may not make headlines.
One of the recent additions to HHS’s public breach tool involved the Southeastern Minnesota Oral & Maxillofacial Surgery of Minnesota. They reported that 80,000 patients were being notified. The following notification appeared on their website:
Southeastern Minnesota Oral & Maxillofacial Surgery Notifies Patients of Data Security Incident
Southeastern Minnesota Oral & Maxillofacial Surgery (“SEMOMS”) has become aware of a data security incident that may have resulted in the inadvertent exposure of patients’ health information. Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed.
On September 23, 2019, we discovered that one of our servers had been impacted by ransomware. Our IT staff immediately intervened to restore the impacted server, and we engaged computer forensic experts to investigate if any information may have been impacted. After examining the impacted server, the investigation was unable to determine if patients’ name and X-ray images had been viewed or accessed by an unknown, unauthorized third party. While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution. Importantly, patients’ financial information, medical records and Social Security numbers, if provided to us, were NOT impacted by this event.
While there is no indication that an unauthorized party accessed or viewed patient information or evidence of patient information being misused, SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures. Letters sent to potentially impacted patients include additional information about what occurred and a toll-free number where patients can learn more about the incident. The call center is available Monday through Friday between 8:00 AM to 8:00 PM Central at 833-947-1414.
The privacy and security of patient information is a top priority for Southeastern Minnesota Oral & Maxillofacial Surgery, which deeply regrets any inconvenience or concern this incident may cause.