– Maryland-based Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (Ingleside) experienced a possible PHI data breach when it was targeted by a malware attack, according to an online statement.
Ingleside discovered the malware attack on November 21, 2017, and immediately launched a software program to try and find and remove the malware from the organization’s system. There is no evidence that any data was misused, but Ingleside added that it could not rule out the chance that certain information may have been compromised.
The OCR data breach reporting tool states that 5,228 residents may have been affected.
Potentially impacted data includes resident names, addresses, dates of birth, Social Security numbers, and PHI. Financial transactions, including payment information, were not included in the affected information.
“We take the security of all potentially impacted individuals’ information very seriously, and want to assure you that we have taken steps to prevent a similar event from occurring in the future,” Ingleside stated. “This includes upgrading our firewall, antivirus and malware security, requiring all new user credentials/passwords, adopting dual-factor authentication, and providing additional staff training on identifying unauthorized access.”
The retirement community added that it will be offering free credit monitoring and identity theft restoration services for potentially impacted individuals.
New Mexico dentist reports hard drive stolen contained patient data
A laptop bag containing the hard drive was stolen from Dr. Adkins’ office on November 30, 2017. The files were from two programs used in the office: Florida Probe and Dentrix.
The Albuquerque, New Mexico-based dentist explained that the Florida Probe backup files were unencrypted and included “limited information of patient names and corresponding teeth pocket depth measurements that are used for periodontal exams.”
The Dentrix backup files are “protected within the software through Dentrix’s data-masking techniques that use cryptographic technology.” Information in those files included patient names, addresses, phone numbers, dates of birth, Social Security numbers, treatment information, and insurance information.
An individual would need the Dentrix software, Dr. Adkins’s unique software serial number, and Dr. Adkins’s Dentrix username and password to access the Dentrix files.
Furthermore, Dr. Adkins does not keep financial information, bank account information, or credit card numbers on file, so that data was not involved.
“Since Dr. Adkins has not yet been able to recover the stolen hard drive, he is unable to confirm whether the criminal actually accessed or acquired any patient information,” the statement explained. “However, out of an abundance of caution, Dr. Adkins has notified all potentially affected individuals about the issue and offered them free identity theft protection services.”
The statement did not specify how many individuals may have been impacted, and at the time of publication the OCR data breach reporting tool did not have the incident listed.