Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) announced it was hit by a ransomware attack that may have compromised patient data.
The malware gained access to information stored on FDIP servers that held patient information and may have accessed patients' full name, date of birth, home address, account number, diagnosis, and other types of information.
Officials learned of the incident on June 30, 2018 and a cybersecurity firm was able to successfully remove the malware and restore the systems from backup files.
“Because this access of PHI was not for the purpose of treatment, payment or health care operations, and did not fall within any of the exceptions to the general rule prohibiting use or disclosure of an individual's PHI without written authorization as set forth in the Health Insurance Portability and Accountability Act ("HIPAA") regulations, it constituted a violation of HIPAA,” the firm said in its notice of breach. “As required by law, FDIP will report this incident to the U.S. Department of Health and Human Services.”
The institute has since implemented new security processes and patients are encouraged to be cautious of any suspicious communications or other activity that may be related to the compromise.