Estill County Chiropractic in Irvine, Ky., suffered a ransomware attack on January 17, although unauthorized access to its computer system started about 10 days earlier.

“ECC believes there were initial instances of unauthorized access to its system beginning January 6, ending with the encryption of files on January 17,” the practice said in a statement.

Hackers often will initially access a system and spend time looking at the amounts, types and value of data, as well as security provisions, before launching the attack, security experts report.

Also See: How 4 key practices can prevent ransomware incidents

ECC hired a consultant to investigate the breach and determine how it happened, but could not definitively determine if data was actually viewed or taken by the hackers.

Because of the sensitivity of compromised data, including patient names, addresses, dates of birth, Social Security numbers, clinical information, provider notes, diagnoses, claims and health insurance numbers, Estill County Chiropractic is offering the 5,335 affected patients one year of credit monitoring services from Equifax Personal Solutions.

The privacy officer for the practice did not respond to a request for additional information, including whether the practice paid a ransom to unencrypt the data.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access