PHI of 29,000 Patients Possibly Exposed Due to a Ransomware Attack at McAllen Surgical Specialty Center

McAllen Surgical Specialty Center in Texas has begun informing patients regarding a ransomware attack, which was discovered on May 14, 2021.

Independent computer forensics experts investigated the breach to find out the nature and extent of the cyberattack. The investigators confirmed unauthorized persons had acquired access to some computers and servers last May 12, 2021 and used ransomware. The unauthorized network access was stopped on May 14.

A detailed evaluation was performed to find out which servers and computers were impacted, and which were possibly accessed by the attackers. On July 22, it was confirmed that patient information was possibly compromised during the attack.

The impacted computers and servers had a variety of patient data, with the types of compromised information differing from one patient to another. Information possibly impacted are names, Social Security numbers, addresses, dates of service, medical insurance data, provider name, medical record numbers, and patient numbers.

There is no proof of data theft discovered and McAllen Surgical stated in its substitute breach notice last September 20, 2021 that it is not aware of any occurrences of actual or attempted patient data misuse; nonetheless, impacted employees and patients were instructed to be cautious and keep track of their accounts and explanation of benefits statements for indications of fake activity. The healthcare provider started to mail notifications to impacted individuals on September 20, 2021.

McAllen Surgical stated it is going to review and improve its current policies and procedures to avoid more privacy breaches. It has already reported the ransomware attack to the Department of Health and Human Services’ Office for Civil Rights indicating that 29,227 persons were affected.