The Redwood Eye Center has notified 16,000 California residents their personal information may have been compromised when a company subcontractor suffered a ransomware attack.
The Redwood Eye Center learned on September 19, 2018 that third-party vendor IT Lighthouse that hosts Redwood’s medical records database experienced a ransomware attack that locked the server containing 16,055 the company’s customer records. The information stored on the server included patient names, addresses, dates of birth, health insurance information, and medical treatment information, the company said in its official notification to the California attorney generals office.
Redwood and the third-party contracted with a specialized medical software vendor and a digital forensic firm to root out the cause and to regain access to the encrypted files. Since this was a ransomware attack and not a direct data breach Redwood does not believe any customer information was exfiltrated.
“We are taking steps to change our medical record hosting vendor and enhance the security of our patient information,” Redwood said.