EmergeOrtho in North Carolina has started sending notification letters to patients whose protected health information may have been accessed during a ransomware attack in May.
According to a notification template seen by DataBreaches, EmergeOrtho discovered and blocked a ransomware attack on May 18. Their letter does not specifically state whether any files were encrypted, and they do not state what the ransom demand was or who the attackers were. Patient information that may have been accessed included first and last name, address, Social Security number, and, in some cases, date of birth.
The letter only refers to data being “accessed.” It does not state specifically whether any patient data was exfiltrated as well as accessed.
EmergeOrtho’s report to the Maine Attorney General indicates that they are notifying 75,200 patients.
Update: On September 2, HHS posted EmergeOrtho’s submission to them of August 25. That submission indicated that EmergeOrtho was notifying 68,661 patients.