Connecticut Eye Clinic Informed 23,000 Patients of Potential Breach
A private optometry clinic, Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates, began notifying thousands of patients that their data may have been potentially breached due to a ransomware attack that occurred in November 2018.
The ransomware variant that successfully infected 25 computers and two servers, remains unknown. It is also unclear how the ransomware wormed its way into the network. Luckily, the clinic’s IT department was able to identify the issue rather quickly and was able to minimize the damages. The networks remained down for three days while technicians restored the encrypted files using back up data.
Although the files were able to be restored, over 23,000 patient files including patient names, social security numbers, and treatment information, may have been compromised. According to Health IT Security, the IRS recently contacted the clinic with concerns the data may have been taken without authorization and may be used to file fraudulent tax returns.
In an attempt to thwart future attacks, the optometrist office disabled all remote access ports, switched anti-virus providers, and implemented ransomware protection. The office was also able to leverage its cyber insurance to help cover the costs associated with breach notifications.
All patients will be provided a year of free credit monitoring and identity theft protection.
For a list of ransomware attacks that have already taken place in 2018, you may click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.