After a ransomware assault in May that severely destroyed patient information and backup data, a family medical practice in Arizona claims it is attempting to restore thousands of patients’ electronic health records.
For example, a ransomware assault on May 21 severely corrupted patient EHRs and backup data at the Arizona-based Desert Wells Family Medicine, which has been in business for 20 years, according to a notification letter and security incident notice issued on its website on September 3.
Once we saw how much damage had occurred, we enlisted help from forensics experts and data recovery specialists to do everything we could to try and retrieve the data. As a result of these efforts’ failure, patient electronic records prior to May 21 are no longer retrievable.
A hacking incident at Desert Wells Family Medical was reported on Aug. 30 to the Department of Health and Human Services HIPAA Breach Reporting Tool website, which lists health data breaches impacting 500 or more individuals.
When Information Security Media Group reached out to Desert Wells Family Medical, they did not immediately respond to our request for more information on the event.
According to Desert Wells Family Medical’s notification comments, “we will continue our efforts to assemble our patients’ data from various sources, including medical specialists, previous medical providers, hospitals pharmacy imaging centers and labs, among others.”
During this time, the office claims it would ask patients to update “required forms”.
So far, according to Desert Wells Family Medical, the independent firms aiding the practice have found no evidence of sensitive data being stolen or that any of the data involved has been or will be exploited.
A number of other healthcare companies, usually smaller clinical practices, have also reported cyber intrusions that rendered their patients’ electronic health records inaccessible in recent years.
By way of illustration, a malware event that happened in November 2019 at Houston’s Fondren Orthopedic Group irreparably corrupted thousands of computerized patient information in February 2020.
As a result, healthcare providers in at least two other incidents in 2019 decided to permanently shut down their enterprises.