Cyberattacks Impact Hendrick Health, First Impressions Orthodontics and Kids First Dentistry & Orthodontics

Hendrick Health EHR Downtime As a Result of Ransomware Attack

The IT and EHR systems of Hendrick Health in Texas were taken offline to address the threat of a cyberattack. The ransomware attack on November 9, 2020 affected some Hendrick Health’s clinics and the main campus medical center. The ransomware attack did not impact Hendrick Health’s medical center in the South and Brownwood.

Hendrick Health reported that despite the cyberattack, patient care was not affected. The medical center continued to offer inpatient services; although, a few patients had to be diverted to other campuses to receive medical care. There were also some changes made to the schedule of outpatient services.

Hendrick Health is working round the clock to fix all its systems. In the meantime, medical center staff had to record patient data manually using pen and paper.

PHI of 28,000 Dental Patients Potentially Compromised

The protected health information (PHI) of 23,000 patients of First Impressions Orthodontics is potentially compromised due to a September 28, 2020 ransomware attack.

First Impressions Orthodontics creates data backups regularly and keeps it safe. So patient data may be brought back without having to pay the ransom. Aside from the 23,000 First Impressions Orthodontics patients, the breach also impacted 5,000 Kids First Dentistry & Orthodontics patients
who go to First Impressions Orthodontics to get their x-rays.

The types of data possibly breached included names, addresses, email addresses, phone numbers, Social Security numbers, dental files, dental x-rays, service charge amounts, dental insurance numbers, and payments made for services. Compromised x-ray images contained patients’ names, birth dates, and insurance details.

First Impressions Orthodontics sent notifications to the affected persons to comply with the requirement of the HIPAA breach notification rules. Though no evidence shows that data was accessed, stolen, or misused, as a safety measure, affected patients received complimentary two-years credit monitoring and identity theft protection services.