Vincera Institute in Philadelphi is notifying patients of a ransomware incident that occurred on April 29. From their press release, below, it sounds like they have not confirmed nor ruled out unauthorized access, exfiltration, or misuse of data.
Vincera reported the incident to HHS on June 20 as four entities:
- Vincera Core Physicians reported that 10,000 patients were affected;
- Vincera Surgery Center reported that 5,000 patients were affected;
- Vincera Rehab reported that 5,000 patients were affected; and
- Vincera Imaging reported that 5,000 patients were affected;
Given that the above are associated services, it is possible that a number of the patients were seen by more than one service and that the total number of patients affected may be considerably less than 25,000.
According to their press release, the potentially compromised data includes: Full name, Contact details (address, phone number, email address), Social Security number, Date of Birth, medical history and treatment records, Insurance information, or any other information the patient may have provided to the Vincera Institute.
In response to the incident, Vincera notes it has enhanced its security measures, and is investigating and remediating any vulnerabilities. They do not identify what type of ransomware was involved or whether any patient records were corrupted by ransomware.
Their full press release can be found at PRNewswire.