Ransomware attack on Urgent Care Clinic of Oxford, purportedly caused by Russian hackers

The breach occurred in early July and was discovered in August. Currently, the clinic’s computer system is up and fully operational.
By Jessica Davis
01:59 PM

Oxford, Mississippi-based Urgent Care Clinic of Oxford reported it was a victim of a ransomware attack, which appears to have been initiated by Russian hackers. The breach was discovered in August 2016, occurred at sometime in early July of 2016 and was announced Friday.

Urgent Care staff noticed the server running slowly on Aug. 2. The server was held for ransom for an undisclosed amount of time before control was returned to the clinic, according to officials. The clinic shut down the server’s remote access to prevent anyone outside of the clinic from again accessing the system.

The FBI was contacted and the incident is still under investigation. Urgent Care sent letters to the last known address of every patient in its system. At the moment, there is no final tally on how many patients were affected by this breach.

Urgent Care also hired a forensic analyst to determine the source of the hack and the exact information that was breached. The investigation proved it’s 'very likely' the attack was carried out by Russian hackers, who gained access to patient data including names, social security numbers, dates of birth, health data and other personal information.

[Also: Russian hackers hit DoD: PHI at risk?]

The cyberattack affected the personal information of both former and current patients, officials said. However, "unfortunately, we cannot say which patients specifically may have been affected by this data breach."

The clinic’s computer system is up and fully operational, according to officials.

Officials have asked any patients of the clinic prior to August 2, 2016 to read the notice regarding the breach. Urgent Care is offering one year of free credit monitoring and recommends all patients regularly check all credit card and bank account information for any suspicious activity.

"We understand this may pose an inconvenience to you, and we sincerely regret that this situation has occurred," officials said. "Urgent Care is committed to providing quality care and service to all its patients and that includes keeping your personal information as safe and secure as possible."

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.