Riverplace Counseling Center in Anoka, MN, has revealed that malware was discovered on its systems which may have allowed unauthorized individuals to obtain access to patients’ protected health information.
The malware infection was first noticed on January 20, 2019. The counseling center brought in an IT firm to conduct a forensic analysis, remove the malware, and restore its systems from backups. The analysis process was completed on February 18, 2019.
The IT firm did not find proof that suggested patient information had been hit by unauthorized access or had been copied, but data access and PHI theft could not be totally eliminated.
The sort on information stored on the impacted systems included names, addresses, dates of birth, health insurance details, Social Security numbers, and treatment data.
Impacted individuals were alerted about the data breach on April 11, 2019 and have been given identity theft monitoring services via Kroll for 12 months for free. No reports have been received to date to suggest any patients’ PHI has been improperly used.
Riverplace Counseling Center has not publicly shared what type of malware was involved, nor how the malware was downloaded on its systems.
To enhance security and reduce the danger of further malware attacks, Riverplace Counseling Center has downloaded spam filters, upgraded its antivirus software and firewalls, and has provided further training to employees to assist them spot unauthorized access.
The counseling center has also spoken with a cybersecurity firm which is giving recommendations on new system-wide policies and procedures to further strengthen security.
According to the breach summary on the Department of Health and Human Services’ Office for Civil Rights web portal, up to 11,639 patients’ PHI was potentially impacted.