On January 27, 2020, the Practice became aware that its network had become the victim of a ransomware attack, which appears to have begun on January 25, 2020. The Practice’s information technology firm (the “IT Firm”) took immediate steps to isolate and mitigate the intrusion to its network. The attack was neutralized, and a complete scan of the central server was run to assure no malicious software remained. To be clear, the Practice’s electronic medical records system (“EMR”) was NOT attacked and the information contained in those records was NOT compromised. The Practice has hired a third-party security firm (the “Security Firm”) to perform an investigation to confirm no protected health information on the network was compromised. Our suspicion is that the ransomware attack was automated and was an attempt to encrypt information and extract a financial ransom from our Practice, but not to access or obtain information for further use. To date, the investigation has not yet completed, but the Practice expects that it will be completed soon, and hopes to inform you that your information has not been compromised. It is possible, however, that your personal information was accessed or disclosed in the ransomware event. Rest assured that the Practice has taken steps to mitigate the intrusion and increase its defenses against future intrusion.
What Information Was Involved:
It is possible, though we believe that it is unlikely, that your personal and financial information, which may include your name, address, social security number, medical file number, claims information, and other financial and personal information, was compromised. We will inform you as soon as possible of the results of our ongoing investigation.
What the Practice Is Doing in Response to this Incident:
The Practice’s management and the IT Firm have taken a number of measures to ensure the integrity of its information systems and prevent future breaches. The Practice has replaced its central server, has isolated the servers that were attacked, has replaced or deleted and reloaded any affected computers, has implemented an updated antivirus program, and has procured the Security Firm to test its data security measures and implement improvements, as needed, and strengthen the security and integrity of its information systems.
What Should You Do:
While the Practice is not aware of any misuse of your information, we recommend that you do the following right away:
- Obtain a copy of your credit report, following the instructions below.
- Contact your financial institutions and change your account information.
- Change your passwords.
- Remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity.
You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:
Equifax: PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian: PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion: PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. We also recommend that you visit the website identitytheft.gov for additional resources and assistance.
For More Information:
If you have any questions or concerns regarding this incident or the Practice’s response, please contact Nathan Diller, 302-652-8990, Ext. 142, PatientAffairs@brandywineurology.com, at 2000 Foulk Rd, Suite F, Wilmington, DE, 19810. You call also call 1-888-300-3342 for additional information about this potential data breach.