California’s Center for Orthopaedic Specialists (COS) last week disclosed that its three facilities were affected by a ransomware attack on a third-party system that allowed adversaries to access patient data and encrypt it for the purposes of extortion.
How many victims? The incident impacted the records of approximately 85,000 patients across COS’ three facilities in West Hills, Simi Valley and Westlake Village.
What type of information? Accessed data may have included names, birth dates, mailing addresses, medical records, insurance information and Social Security numbers.
What happened? According an FAQ web page published by COS’ identity threat protection services provider ID Experts, the perpetrators accessed the impacted system on Feb. 24, 2018. Following the attack, the system “was taken offline permanently before patient information could be removed by the unauthorized party, to the best of our knowledge.”
What was the response? COS says it has been notifying all patients whose information was stored on the compromised system, adding that disclosure didn’t occur sooner because “it takes time to gather information, identify the affected individuals, and line up the assistance services that are being offered.” The health care provider will offer two years of free identity protection services to affected patients. Federal law enforcement officials were also notified.