A ransomware attack at Urgent Care Clinic of Oxford, Miss., sparked notification to patients that their protected health information was compromised and a payment was made to the hackers.

The local newspaper, The Oxford Eagle, reported that about 58,000 individuals were affected.

The clinic, in a notice to patients, said an investigation that included the FBI “revealed it is very likely that the attack was carried out by criminal Russian hackers.”

The attack originated in early July and was discovered on August 2, when computer system activity noticeably slowed down. “The hackers held the server for ransom before turning control back over to the Urgent Care staff,” the patient notice stated.

Also See: Spine care practice pays ransom, regains its systems

Patient data at risk included names, Social Security numbers, dates of birth and additional personal information that was not specified, as well as medical information. “Unfortunately, we cannot say which patients specifically may have been affected by this data breach,” the notice said.

Consequently, all known patients are being offered one year of credit monitoring services from Equifax and counseled to regularly check credit and bank account activity.

After regaining control of the server, the clinic disabled the server’s remote access that had been enabled for outside technical support of the electronic health records system.

Executives at the clinic did not respond to a request for additional comment.

(This article appears courtesy of our sister publication, Health Data Management)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access