Due to a ransomware attack that hit St. Mark's Surgical Center in Fort Myers, Florida, 33,887 individuals across seven states are being offered a year of identity protection and credit monitoring services.
Following an investigation by a third party firm in May, the surgical center learned that ransomware had been placed on certain files in the server between April 13 and April 17. What St. Mark's had the investigator do is not clear, as the organization declined to provide additional details about the incident.
Compromised protected health information included patient names, date of birth, health and treatment information and Social Security numbers.
The organization engaged a cybersecurity expert to help recover affected data, wipe ransomware from the server and determine if protected information was used, accessed, disclosed, acquired or otherwise compromised.
In a notification letter to patients, St. Mark's said there are no indications of improper use or other compromises of the data. "Nonetheless, we are providing this advisory to you and other individuals to make you aware of the incident so that you can take steps to protect yourself and minimize the possibility of misuse of your information." This type of notification to patients is required under HIPAA regulations.
St. Mark's further engaged additional protective services through Epiq, a firm that handles such breach-related issues as notices, mailings, legal settlement issues and contact centers.
Since the attack, the provider has installed a more robust firewall with unified threat management services; installed a backup and data recovery system, including hourly imaging and offsite replication to redundant data centers; developed policies to ensure all devices are fully updated; and implemented new antivirus software.
St. Mark's also gave affected individuals detailed information on avoiding identity theft, including how to contact credit rating agencies to place a fraud alert in credit files; obtaining a copy of the police report; and state-specific information on contacting their state attorney general.
Want to learn more about ransomware and how to protect yourself from it? Give us a call!
