Andrews Braces Hack May Have Compromised PHI of 16,600 Patients

The Sparks, NV orthodontics practice, Andrews Braces, has said that a ransomware attack took place on it’s databases, that included the encryption of patient data. The attack was initially reported on February 14, 2020, with the following investigation determining the ransomware was installed the previous day.The practice brought in a third-party forensic investigator to review the scope and extent of the attack and determine whether patient information had been accessed or stolen from the servers prior to encryption. While it is not unusual for ransomware attacks to involve stealing data, the investigation did not find anything to indicate that any evidence to suggest data had been obtained by the hackers. This seemed to be an automated attack with the chief aim of encrypting data to extort money from the medical practice.

The practice was careful and often backed up patient data and stored its backups securely, so it was possible to restore the encrypted files without handing over the ransom. Data theft is not thought to be a factor but the possibility could not be ruled out, so notification letters have been sent to all impacted patients. The sorts of data which could potentially have been accessed by the cybercriminal included names, addresses, dates of birth, Social Security numbers, email addresses, and health details.

Andrews Braces has now added more security solutions and has taken other steps to strengthen security to prevent further attacks in the future.

Eversana, an independent provider of global services to the life sciences industry,  has been made aware about unusual activity in its employees’ accounts and discover that the accounts had been accessed by an unauthorized individual through a legacy technology system. The investigation found that the accounts were compromised between April 1 and July 3, 2019.

The accounts contained information from a minte number of patient services programs. Nothing was found to indicate that unauthorized data access too place. However, it is possible that the attacker(s) accessed the sensitive information of certain patients. A comprehensive review of the impacted accounts concluded in February and confirmed the following data elements may have been compromised: Names, addresses, Social Security numbers, driver’s license numbers, state identification numbers, passport numbers, tax identification numbers, debit/credit card information, financial account information, usernames and passwords, health information, treatment information, diagnoses, provider names, MRN/patient ID numbers, Medicare/Medicaid numbers, health insurance information, treatment cost information, and/or prescription specifics.

Eversana has updated its legacy technology environment and has configured further safeguards to bolster security. Affected individuals have now been made aware of the breach and provided with the chance to avail of 12 months’ complimentary membership to credit monitoring and identity restoration services.

So far the incident has not being published by he HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been infiltrated in the breach.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas should has data protection and innovations such as telehealth.