The Fondren Orthopedic Group is notifying its patients that their personal health information was compromised during a November 2019 malware incident.
Fondren did not specify what type of attack took place, but in a letter to patients the group stated the PHI of both current and former patients was either exposed or damaged beyond recovery. The information includes names, address, telephone number, diagnosis and treatment information. Fondren does not believe the information was exfiltrated. The group will begin rebuilding its database by having its patients fill out new forms during their next visit.
HealthITSecurity is reporting 34,049 patients are affected.
While Fondren did not indicate the data was destroyed as a result of a ransomware attack, there is an on-going trend among cybercriminals using this type of attack where they wait many month to begin exposing data or start to make the stolen data public in order to encourage the victim to pay.