Stockdale Radiology and Affordacare Urgent Care Clinics Impacted by Ransomware Attacks

Stockdale Radiology based in California announced the compromise of patient data due to a ransomware attack that occurred on January 17, 2020.

According to its internal investigation, the attackers accessed the first and last names of patients, addresses, refund records, and personal health information (PHI), which includes the physician’s notes. Stockdale Radiology stated that the attackers publicly exposed a small number of patient records. Stockdale Radiology likewise learned on January 29, 2020, that more patient data were potentially accessed, though not exposed to the public.

Stockdale Radiology quickly shut down its systems to stop the attackers from further unauthorized data access. A third-party computer forensics company investigated the breach to know how the attacker gained access to its systems and who were affected. The FBI also came to Stockdale Radiology within 30 minutes after receiving its notification about the attack. The FBI is still investigating the breach.

As a response to the attack, Stockdale Radiology reviewed its internal data management as well as its security practices. To prevent future attacks, it has also made improvements to its cybersecurity.

The breach report submitted to the HHS’ Office for Civil Rights website indicated that the breach affected 10,700 patients.

Ransomware Attack at Affordacare Urgent Care Clinics

Affordacare Urgent Care Clinics based in Abilene, TX began notifying its patients about the potential compromise of some of their PHI because of a ransomware attack. The healthcare provider discovered the attack on February 4, 2020, but it is believed that the attack started on or approximately February 1, 2020.

The breach analysis showed that the attackers accessed the clinics’ servers and deployed Maze ransomware. But before the ransomware deployment, the attackers acquired patient records. Part of the acquired patient data was disclosed to the public by the attackers.

The compromised servers contained the following types of data: names, addresses, phone numbers, birth dates, ages, dates of visit, visit locations, reasons for consultation, medical insurance provider names, medical insurance policy numbers, treatment codes and descriptions, insurance group numbers, and healthcare provider remarks. There was no financial data, Social Security numbers or electronic health records compromised.

Affected persons were provided with free identity theft protection, credit monitoring, and identity recovery services.