Ransomware Attack on May Eye Care Center Impacts 30,000 Patients

On July 29, 2018, May Eye Care Center, located in Hanover, PA, was attacked with ransomware. The ransomware was downloaded and executed on a server containing patients’ protected health information (PHI) including names, birth dates, addresses, insurance details, diagnoses, treatment data, clinical data, and Social Security numbers of some patients.

A leading computer forensics firm was contracted to assist with the breach investigation and while recovery took a few days, it was possible to fully restore all files encrypted by the ransomware without data loss. May Eye Center recovered files from backups and did not make any payment to the attackers.

May Eye Center has notified all patients affected by the ransomware attack and the Department of Health and Human Services’ Office for Civil Rights was notified of the breach on October 11. OCR published a breach summary on its Breach Portal indicating 30,000 patients were affected by the ransomware attack.

May Eye Care Center is convinced the only reason for the attack was to demand a ransom payment. There was no evidence found that indicated the attackers accessed any patient’s PHI. Patients have not reported PHI misuse.

To help prevent future security incidents, including ransomware attacks, a data security company was called in to conduct a review of May Eye Care’s security systems. Additional security measures are now being implemented to improve May Eye Care’s security posture.

While data theft is not suspected, all patients whose PHI was stored on the server have been advised to review their credit statements and explanation of benefits statements for fraudulent activity and to obtain and check their credit reports.