The Texas-based Urology Austin has acknowledged that it fell victim to a ransomware attack in January, and has since notified some 200,000 patients that their information might have been breached.
According to a notice from the healthcare provider, “On January 22, 2017, Urology Austin was the victim of a ransomware attack that encrypted the data stored on our servers. Within minutes, we were alerted to the attack, our computer network was shut down, and we began an investigation. We also began to take steps to restore the impacted data and our operations. Through our investigation, we determined that some patient information was impacted by the ransomware. That information includes patient names, addresses, and dates of birth, Social Security numbers, and medical information.”
Meanwhile, KXAN-TV reported that the provider doesn’t believe that any actual information was taken or will be misused, but nonetheless they alerted 200,000 patients affected “out of an abundance of caution.” Further, according to that report, “Urology Austin says they did not pay a ransom, and were able to restore patient information from a backup. Since the attack they say they’ve taken steps to improve their network and system security.”
According to HIPAA Journal, “The breach notice submitted to the California attorney general’s office provides an indication of how the ransomware attack occurred. Urology Austin said employees have been retrained regarding suspicious emails, patient privacy and security, suggesting the infection was the result of a member of staff responding to a malicious email.”
In the notice, Urology Austin said that they have established a toll-free call center to answer questions about the incident and related concerns.
