"Proliance Surgeons, a Seattle, WA-based surgical group that has around 100 locations in Washington state, has notified 437,392 individuals that some of their protected health information may have been stolen in a ransomware attack earlier this year. The breach notice on the website of Proliance Surgeons states that a forensic investigation was conducted by third party cybersecurity experts which confirmed that some files had been removed from its network before files were encrypted.
On May 24, 2023, it was confirmed that files containing patients’ protected health information may have been accessed or acquired on February 11, 2023. At the time it was unclear exactly how many individuals had been affected. A comprehensive review was conducted of all files potentially accessed or acquired in the attack, which confirmed they contained names in combination with one or more of the following: date of birth, Social Security number, medical treatment information, health insurance information, phone number, email address, financial account number, driver license or other identification information, and usernames and passwords.
Proliance Surgeons said immediate action was taken to protect patients’ private information and cybersecurity protocols have since been enhanced. There is no mention of credit monitoring or identity theft protection services. At least one lawsuit has already been filed against Proliance Surgeons in response to the breach."
swidup
commented
9 months ago
https://www.hipaajournal.com/almost-440000-individuals-affected-by-cyberattack-on-proliance-surgeons/
"Proliance Surgeons, a Seattle, WA-based surgical group that has around 100 locations in Washington state, has notified 437,392 individuals that some of their protected health information may have been stolen in a ransomware attack earlier this year. The breach notice on the website of Proliance Surgeons states that a forensic investigation was conducted by third party cybersecurity experts which confirmed that some files had been removed from its network before files were encrypted.
On May 24, 2023, it was confirmed that files containing patients’ protected health information may have been accessed or acquired on February 11, 2023. At the time it was unclear exactly how many individuals had been affected. A comprehensive review was conducted of all files potentially accessed or acquired in the attack, which confirmed they contained names in combination with one or more of the following: date of birth, Social Security number, medical treatment information, health insurance information, phone number, email address, financial account number, driver license or other identification information, and usernames and passwords.
Proliance Surgeons said immediate action was taken to protect patients’ private information and cybersecurity protocols have since been enhanced. There is no mention of credit monitoring or identity theft protection services. At least one lawsuit has already been filed against Proliance Surgeons in response to the breach."