Kentucky chiropractic practice suffers ransomware attack
Estill County Chiropractic in Irvine, Ky., suffered a ransomware attack on January 17, although unauthorized access to its computer system started about 10 days earlier.
“ECC believes there were initial instances of unauthorized access to its system beginning January 6, ending with the encryption of files on January 17,” the practice said in a statement.
Hackers often will initially access a system and spend time looking at the amounts, types and value of data, as well as security provisions, before launching the attack, security experts report.
ECC hired a consultant to investigate the breach and determine how it happened, but could not definitively determine if data was actually viewed or taken by the hackers.
Because of the sensitivity of compromised data, including patient names, addresses, dates of birth, Social Security numbers, clinical information, provider notes, diagnoses, claims and health insurance numbers, Estill County Chiropractic is offering the 5,335 affected patients one year of credit monitoring services from Equifax Personal Solutions.
The privacy officer for the practice did not respond to a request for additional information, including whether the practice paid a ransom to unencrypt the data.