Delaware Oncology Practice Acknowledges Ransomware Attack that Went Unnoticed for a Month

Medical Oncology Hematology Consultants, a Newark, Del.-based oncology practice, has notified patients that it discovered a ransomware attack that targeted certain electronic files in the organization.

According to reports, the attack potentially impacted the records of more than 19,000 patients. The oncology group posted a privacy notice to its website, saying that the breach occurred on June 17, yet was not discovered until July 7—nearly a month later.

The notice stated that “the affected files contained certain data elements of personal information for the practice’s patients, such as names, dates of birth, phone numbers, health information, and treatment information.”

The practice said that it engaged the assistance of third-party experts to assist them in recovering the affected data and to help investigate whether the breached information was used or disclosed by the unauthorized parties. “The practice is not aware of any improper use, disclosure, or acquisition of, or access or compromise to, the information contained in the affected files,” according to the notice.

What’s more, the organization said that since the attack, it has taken a number of actions to prevent an incident like this from happening again, such as: resetting network passwords; restoring servers; hiring a forensic expert to evaluate what happened; conducting additional security training for its employees; and implementing a two-factor login authentication system.

Medical Oncology Hematology Consultants is an eight-physician practice and is the largest infusion treatment center in Delaware, its officials say.