Ransomware Attack on Arkansas Oral Facial Surgery Center Potentially Impacts 128,000 Patients

Arkansas Oral Facial Surgery Center in Fayetteville was attacked by ransomware which potentially affected about 128,000 patients. It is believed that its network was installed with the ransomware from July 25 to 26, 2017. The attack was discovered immediately, but not before documents, files and x-ray images were encrypted. The patient database was not encrypted except for the limited set of data belonging to patients who received medical services three weeks before the ransomware attack.

The ransomware attack remains under scrutiny, but up to now, there’s no evidence that data theft occurred. Arkansas Oral Facial Surgery Center is convinced that the reason for the attack was not to steal data but to get ransom; nevertheless, there’s no way to ascertain there was no data access or data theft.

The information that were possibly accessed included names, birth dates, addresses, Social Security numbers, medical diagnoses, health insurance information, health conditions, treatment data and other medical information. Because of the ransomware attack, files, details of visits and medical images became unavailable.

Considering that sensitive protected health information (PHI) was possibly accessed, patients are currently being informed regarding the breach via mail. All affected persons were offered free identity repair and credit monitoring services for one year through AllClear ID.

Arkansas Oral Facial Surgery Center has cautioned patients to watch out for phishing attacks after the breach and stated that it will not ask for any personal data by telephone call or email in connection with the breach. Should there be any phone calls or email messages received, patients ought to be cautious and treat them as prospective phishing scams.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/