On May 5, the Bay Area Children's Association reported to the California Attorney General that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider.
How many victims? Unknown.
What type of information? Names, addresses, telephone numbers, dates of birth, social security numbers, medical insurance and health visit information, if such information was provided to the association.
What happened? Officials believe that in January 2015, cyber intruders used stolen credentials to access and load malware onto the association's electronic medical record provider's systems. On April 1, the association was notified that patient records were acquired by unauthorized persons. The Bay Area Children's Association attempted to discover which patients were impacted by the breach but couldn't confirm with high levels of confidence. So far there has been no evidence of fraudulent use.
What was the response? The association sent out a Notice of Data Breach, dated May 6, 2016, to those who may have been affected. The Bay Area Children's Association will provide free credit monitoring services for 12 months. The Federal Bureau of Investigation (FBI), Secret Service, and the U.S. Attorney's Office have all been notified of the incident.
Quote: “Given the breadth of information potentially exposed, we strongly recommend you call the three major credit agencies and place a 90 day fraud alert on your accounts,” according to the breach notice.
Source: Notice of Breach, Press Release