Arkansas Oral Facial Surgery Center in Fayetteville was attacked by ransomware which potentially affected about 128,000 patients. It is believed that its network was installed with the ransomware from July 25 to 26, 2017. The attack was discovered immediately, but not before documents, files and x-ray images were encrypted. The patient database was not encrypted except for the limited set of data belonging to patients who received medical services three weeks before the ransomware attack.
The ransomware attack remains under scrutiny, but up to now, there’s no evidence that data theft occurred. Arkansas Oral Facial Surgery Center is convinced that the reason for the attack was not to steal data but to get ransom; nevertheless, there’s no way to ascertain there was no data access or data theft.
The information that were possibly accessed included names, birth dates, addresses, Social Security numbers, medical diagnoses, health insurance information, health conditions, treatment data and other medical information. Because of the ransomware attack, files, details of visits and medical images became unavailable.
Considering that sensitive protected health information (PHI) was possibly accessed, patients are currently being informed regarding the breach via mail. All affected persons were offered free identity repair and credit monitoring services for one year through AllClear ID.
Arkansas Oral Facial Surgery Center has cautioned patients to watch out for phishing attacks after the breach and stated that it will not ask for any personal data by telephone call or email in connection with the breach. Should there be any phone calls or email messages received, patients ought to be cautious and treat them as prospective phishing scams.