Ransomware attack on Jones Eye Clinic and Surgery Centre may have compromised data of 40,000 patients

• The data compromised in the breach includes full names, addresses, dates of birth, dates of services and more.
• The breach may have affected patients who availed services between January 1, 2003 and August 23, 2018.

A cyber attack on Jones Eye Clinic and Surgery Center, a healthcare center located in Sioux City, may have exposed the data of around 40,000 individuals. The breach was caused by a ransomware and may have impacted patients who were registered or availed services between January 1, 2003, and August 23, 2018.

Data compromised in the attack

The data compromised in the breach includes patients’ full names, addresses, dates of birth, dates of services, medical record numbers and general descriptions of the clinic visit or surgery. Social Security numbers, insurance status and claim information of some individuals were also stolen by the attackers.

The Sioux City Journal reported that the clinic’s officials discovered the ransomware attack on August 23. Following the detection, the firm took immediate steps to restore the affected computer systems, using backup information. The healthcare center also reportedly hired forensic computer experts to investigate the attack and informed the Federal Bureau of Investigation (FBI) about the data breach.

The organization reportedly discovered that the hackers had uploaded a ransomware on one of its systems on August 22. This gave ransomware operators the ability to access patients’ information and scheduled software. However, no electronic medical records were affected in the attack.

There is no evidence of whether any information has been misused or any credit card information was stolen, the Sioux City Journal reported.

Actions taken for prevention

Jones Eye Clinic and Surgery Center has reportedly informed the potentially affected patients about the breach. The firm is also offering a year’s worth of credit monitoring services for free to those affected by the breach.