WILLOW
GROVE, Pa., May 14, 2024
/PRNewswire/ -- On or around February
6, 2024, Hypertension-Nephrology Associates, P.C. ("the
Practice") became aware it was the target of an extortion attack
when an extortion note was found on its computer system. Upon
discovery of the extortion note, the Practice took immediate action
including engaging cybersecurity experts and launching an
investigation to understand the nature and scope. In an extortion
attack, cybercriminals gain unauthorized access to a victim's
sensitive information, such as protected health information (PHI),
and then threaten to disclose the PHI unless a ransom is paid.
The forensic investigation determined the cybercriminals
accessed the Practice's systems containing information on both
current and former patients between January
20, 2024, and February 6,
2024. During this time, they exfiltrated data containing
PHI. A comprehensive review was conducted in an effort to determine
the scope of affected PHI. The review concluded on March 15, 2024. Because the review was unable to
determine the scope and full extent of the accessed and exfiltrated
data, the Practice is treating all PHI as potentially
compromised.
The potentially compromised PHI may have included name, date of
birth, diagnosis and treatment information, Social Security number,
and health insurance identification number. To date, the Practice
has no indication that any PHI has been misused.
The Practice takes the protection of the information in its care
seriously. In addition to engaging cybersecurity experts, and
outside HIPAA counsel, the Practice implemented (and is continuing
to implement) additional security measures to safeguard the
information in its care.
The Practice is in the process of mailing notification letters
to all potentially impacted individuals and provided a call center
to answer individuals' questions. The Practice also provided notice
to applicable regulators. The Practice is offering complimentary
credit monitoring to all impacted individuals.
For questions about this incident, individuals should call
1-888-973-9859, which is available Monday through Friday,
between 9:00 a.m. and 9:00 p.m. Eastern
Time.
View original
content:https://www.prnewswire.com/news-releases/notice-of-a-data-breach-302145645.html
SOURCE Hypertension Nephrology Associates