1,750 patients have been notified that some of their protected health information may have been accessed and stolen by a criminal attacker who gained access to Austin Manual Therapy (AMT) systems.
Following a forensic investigation, by a leading national cybersecurity team, it has been found that access was first gained on October 3, 2017 and continued until October 9, when the intrusion was found and blocked. In the the breach notice posted on the AMT website it states that access was not gained to the company’s electronic medical record system. Only a small portion of the network, including one computer and a sharing file system, was accessed.
Though the forensic investigation confirmed that access to a number of files had been gained, it was not clear how much information was accessed and which, if any, documents had been taken. An analysis of the file system and computer indicated that the following information could have been obtained: Names, addresses, dates of birth, phone numbers, dates of service, charge amounts, jobs, insurance data and policy information, health screening notes, diagnoses, driver’s license information, referring doctor information and Social Security numbers.
The breach investigation has largely come to an end, although TMD said it is continuing to liaise with forensic investigators and that the investigation will likely continue until the end of the current year.
Additional security steps have now been put in place to prevent this type of attack from being experience in the future. While the particulars of the attack was not detailed in the TMD breach report, Databreaches.nethas reported that this was carried out by the hacking group TheDarkOverlord.
Those people impacted by the breach have been advised that they can, separately, obtain free credit reports and use a fraud alert and security freeze on their accounts, but it would not appear that free credit monitoring or identity theft protection services have been offered by Austin Manual Therapy (AMT).