A ransomware attack on New York-based healthcare billing company, Practice Resources (PRL), has exposed the data of more than 942,000 patients from 27 hospitals and physician's offices.
The breach was confirmed via a submission to the US Department of Health and Human Services Office for Civil Rights (HHS), which detailed that PRL had suffered a “hacking/IT incident” involving the network server that affected 942,138 individuals. According to a notice posted online by the California Attorney General’s office, the breach was due to a ransomware attack that took place on 12 April.
PRL explained in the notice that the attack “may have resulted in unauthorized access to or acquisition of [sensitive information including] name, home address, dates of treatment, health plan number, and/or medical record number”.
To combat the attack, PRL enlisted the help of “third-party experts” and “took immediate steps to secure its systems and investigate the nature and scope” of the ransomware attack. PRL also noted that since the attack it had “implemented a series of cybersecurity enhancements”. Additionally, the company provided free credit monitoring services to those affected by the breach.
PRL posted a document listing all hospitals and physicians’ offices affected by the breach.