Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.
According to a notice on the patient care clinic’s website, a hacker the computer system and then launched a ransomware attack that began encrypting data stored on the clinic’s server. Rainbow Children’s Clinic officials said that the organization retained an independent computer forensic expert to assist, and through the investigation, it was discovered that some patient records have been irretrievably deleted.
The records that have potentially been impacted may include patient’s names, addresses, dates of birth, Social Security numbers, and medical information. In addition, the impacted records may also include personal information regarding patients’ payment guarantors, including guarantors’ names, addresses, Social Security numbers, and medical payment information, the notice stated.
According to a report in Information Management, the attack affected an estimated 33,698 affected individuals who have received care from the provider. Notification letters have bene mailed out to include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information.
A recent Protenus Breach Barometer report revealed that data breaches on patient care organizations are increasing at an alarming rate. While the first six months of 2016 averaged 25.3 breaches per month, the second half thus far has had an average of 39.3 incidents per month, an over-55 percent increase, the report noted. In September alone, 32 percent (12 incidents) of breaches involved hacking, including ransomware and other malware. Five of these specifically mentioned ransomware.