Data breach affects 16,000 patients of Georgia medical center
Approximately 16,000 patients of Mind and Motion Developmental Centers of Georgia were affected by a ransomware attack, the facility announced in a recent breach notification letter. According to its letter, on September 30, 2018, it was discovered that a server at the facility had been corrupted by ransomware.
Protected health information that may have been compromised in the server breach included:
- Addresses
- Birthdays
- Genders
- Insurance information
- Medical diagnoses
- Medical histories
- Medical records
- Names
- Social Security numbers
After discovering the attack, the facility hired a compliance consulting firm to ensure HIPAA compliance. The facility also brought in an IT firm to recover lost data and analyze how the server was breached to tighten security protocols in the future. The IT firm discovered an inactive keylogger, a spam emailer, and other minor malware.
The facility is implementing an action plan that includes more complex passwords and forced regular password changes, scanning and updating antivirus/antimalware software more regularly, encryption for all on-site computers, as well as staffwide HIPAA training.