Data security breach at local neurosurgical center
LAKE CHARLES, LA (KPLC) - A data security breach has occurred at a local neurosurgical center.
The Center for Neurosurgical and Spinal Disorders announced Wednesday that a breach occurred in July.
A hacker gained remote access to the office manager's computer and installed a program that recorded keystrokes and periodically took screenshots of what was being displayed on the computer, according to a news release from Office Manager Courtney Williams.
Screenshots were taken of 823 patients' information, as well as of 311 patients of another practice for whom the Center bills, between July 7 and July 18.
The screenshots revealed that some patients only had their name displayed, while the screenshots of other patients reflected more detailed information including name, address, phone number, social security number, medical chart information, and billing information.
The hacking appears to be a foreign cyberattack, Williams said.
The Center has hired an identity theft and restoration firm, Identity Force. Concerned patients may contact Identity Force at 1-877-MYIDFORCE (877-694-3367) or at firstname.lastname@example.org.
Here is the full news release:
Lake Charles, LA – On the morning of July 21, 2016, we detected an unauthorized intruder in one of our computers. Access to this computer was immediately shut down; subsequently, CNSD's servers and network were taken offline. CNSD's IT professional, after performing an investigation, determined that a hacker had gained remote access to the office manager's computer and installed both a program which recorded the user's keystrokes and a program that periodically took screen shots of what was being displayed on the computer. A subsequent investigation revealed that screen shots of 823 of CNSD's patients (along with 311 patients of another practice for whom CNSD bills) were taken between the dates of 7/7/16-7/18/16. It is unclear whether any of this information was downloaded. The Federal Bureau of Investigation (FBI) is actively performing a forensic investigation of what appears to be a foreign cyberattack based upon the Cyrillic script language used by the hacker. The screen shots revealed that some patients only had their name displayed, while the screen shots of other patients reflected more detailed information including name, address, phone number, social security number, medical chart information, and billing information.
CNSD has taken the following steps in connection with this security breach to preclude future reoccurrences.
1. CNSD reported the security breach to the FBI. Two FBI agents came to CNSD's office and interviewed the owner, office manager, and IT professional. The FBI has taken custody of the hard drive which was hacked and opened an investigation.
2. CNSD sent notification letters to all known patients affected by the security breach.
3. After the FBI took the hacked hard drive, CNSD's IT professional put a new hard drive with a new operating system into the computer at issue, and CNSD hired a separate IT security company to perform a complete examination of all software, servers, computers, routers, firewalls, and office security. No additional suspicious programs, viruses, spyware, or malware were detected. The security firm has been retained to provide ongoing network security analysis and advanced threat protection.
4. CNSD will be notifying the federal Office of Civil Rights which monitors security breaches.
5. CNSD is notifying the three major consumer credit reporting companies in the United States.
6. To protect against identity theft, CNSD has hired an identity theft and restoration firm, Identity Force, to provide free identity theft insurance, identity monitoring, and identity restoration to all patients whose data was accessed, and to answer all patients' questions. Questions regarding this matter may be directed to Identity Force, 1-877-MYIDFORCE (877-694-3367) or by email: email@example.com.
Copyright 2016 KPLC. All rights reserved.