The HIPAA Guide - Celebrating 15 Years Online

PHI of 16,000 Mind & Motion Patients Potentially Compromised Due to Ransomware Attack

December 14, 2018HIPAA Breaches, Violations, and Fines0

Mind & Motion Developmental Centers of Georgia has discovered hackers installed malware and ransomware on one of its servers, which potentially gave them access to the protected health information (PHI) of patients.

The ransomware was installed on a server that stores Mind & Motion medical records. The types of information that were possibly compromised include patients’ names, birth dates, addresses, gender, Social Security numbers, health histories, medical diagnoses and health insurance details.

Mind & Motion found out about the ransomware attack on September 30, 2018. TeamLogic IT investigated the breach and tried to figure out how the attack happened. The IT vendor also helped in the recovery of data that became inaccessible because of the ransomware. Aside from the ransomware infection, TeamLogic IT found a spam emailer and an inactive keylogger on the server.

TeamLogic was able to successfully remove all malware and associated accounts. There was no evidence found to indicate the malware allowed the attackers to gain access to the financial data of patients and the center’s scheduling and electronic billing systems remained secure at all times.

Since the discovery of the attack, Mind & Motion has not been made aware of any misuse of PHI. It is assumed that the attacker’s intention was solely to extort money from Mind & Motion. Mind & Motion does not believe patients will experience any adverse consequences due to the cyberattack.

Mind & Motion has reset all passwords and is now enforcing the use of complex passwords on all accounts. The center also introduced a policy that forces users to change their passwords more often. Professional anti-malware solutions have been installed on computers and servers and they will be scanned on a regular basis. Mind & Motion has also employed encryption on all computers and is now using new anti-spam technology to defend against phishing attacks.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

After detecting the breach, Mind and Motion employed a compliance consulting company to ensure that the center complies with all HIPAA requirements. The consulting company will also train all employees on HIPAA compliance in the next 30 days.

On November 30, 2018, Mind & Motion submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights. The breach report shows up to 16,000 patient records were possibly compromised.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2023 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide