Ransomware attack on dermatology office breaches more than 13,000 patient records
Reston, Virginia-based Professional Dermatology Care reported that an unauthorized third party accessed protected health information and financial data of 13,237 of its patients.
The cybercriminals encrypted the patient data with ransomware, intending to extract money from the healthcare organization According to officials, the breach was not to 'misuse patient data.' The incident occurred between June 19 and 27 this year, when PDC officials discovered the breach.
The stolen data included patient names, addresses, dates of birth, social security numbers, Medicare identification numbers and medical and billing records, according to a statement from PDC.
All patients are being notified of the breach and should take steps to protect their information, although there is no evidence the stolen data has been misused. PDC will provide affected patients with identity protection and support.
"PDC has already taken numerous steps to safeguard and prevent any further data breach of its network server and its patients' protected health information," PDC said in a statement. "We've increased cybersecurity, implemented a new firewall, as well as malware protection services."
"The data breach was immediately reported to the FBI and reports are being provided to the Virginia Office of the Attorney General and to the U.S. Department of Health and Human Services," the company added.