Online Storage Vendor Pays Ransom Demand to Retrieve Healthcare Data Stolen in Cyberattack

Feb 24, 2021 | Compliance News

The protected health information (PHI) of 29,982 patients of Harvard Eye Associates, located in Laguna Hills, CA, was potentially stolen during a cyberattack on its online storage vendor. The medical and surgical eye care services provider was informed on January 15, 2021 that hackers had gained access to the computer system of its storage vendor and exfiltrated data.

It is not certain whether files were encrypted to prevent access; nevertheless, a ransom demand was received in exchange for the return of the stolen files. The storage vendor conferred with cybersecurity specialists and the Federal Bureau of Investigation and decided to pay the ransom demand.

The hackers sent back the stolen information and gave assurances that they did not retain any copies of the data and that there were no other disclosures of the stolen files. The cybersecurity professionals called in by the security vendor are monitoring the Internet and darknet and have not found any evidence suggesting the sale or leak of the stolen data online. An investigation into the breach revealed that the hackers first obtained access to its computer networks on October 24, 2020.

The hackers likely acquired the following types of patient information: patients’ names, phone numbers, addresses, email addresses, dates of birth, medical histories, health insurance data, prescription drugs, and data regarding treatment received at Harvard Eye Associates.

Harvard Eye Associates provides billing and other administrative services to Alicia Surgery Center, based in Laguna Hills, which requires access to the types of information listed above. The security incident likewise affected Alicia Surgery Center patients. It is presently uncertain how many Alicia Surgery Center patients were impacted.

Harvard Eye Associates and Alicia Surgery Center posted breach notices on their websites stating that affected patients will receive notifications and offers of complimentary credit monitoring and identity theft protection services.
