The practice was careful and often backed up patient data and stored its backups securely, so it was possible to restore the encrypted files without handing over the ransom. Data theft is not thought to be a factor but the possibility could not be ruled out, so notification letters have been sent to all impacted patients. The sorts of data which could potentially have been accessed by the cybercriminal included names, addresses, dates of birth, Social Security numbers, email addresses, and health details.
Andrews Braces has now added more security solutions and has taken other steps to strengthen security to prevent further attacks in the future.
Eversana, an independent provider of global services to the life sciences industry, has been made aware about unusual activity in its employees’ accounts and discover that the accounts had been accessed by an unauthorized individual through a legacy technology system. The investigation found that the accounts were compromised between April 1 and July 3, 2019.
The accounts contained information from a minte number of patient services programs. Nothing was found to indicate that unauthorized data access too place. However, it is possible that the attacker(s) accessed the sensitive information of certain patients. A comprehensive review of the impacted accounts concluded in February and confirmed the following data elements may have been compromised: Names, addresses, Social Security numbers, driver’s license numbers, state identification numbers, passport numbers, tax identification numbers, debit/credit card information, financial account information, usernames and passwords, health information, treatment information, diagnoses, provider names, MRN/patient ID numbers, Medicare/Medicaid numbers, health insurance information, treatment cost information, and/or prescription specifics.
Eversana has updated its legacy technology environment and has configured further safeguards to bolster security. Affected individuals have now been made aware of the breach and provided with the chance to avail of 12 months’ complimentary membership to credit monitoring and identity restoration services.
So far the incident has not being published by he HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been infiltrated in the breach.