Arjuna Kodisinghe - stock.adobe.
OakBend Medical Center Provides Healthcare Data Breach Notice
OakBend confirmed that the healthcare data breach resulted in data encryption and exfiltration.
As previously reported, OakBend Medical Center suffered a ransomware attack resulting in a healthcare data breach on September 1. OakBend spent the following weeks rebuilding its communication systems.
In a new website notice, OakBend provided additional details about the breach and noted that certain servers and computers were encrypted as a result of the attack. Some data was also removed from OakBend’s systems.
“While we know that the cybercriminals had sufficient access to OakBend’s systems to encrypt our data, our investigation indicates that a limited amount of data was actually transferred out of the OakBend computing environment,” the notice explained.
“For example, we do not believe that the cybercriminals were able to remove the entire medical record of OakBend’s patients. It does appear, however, that the cybercriminals were able to access and/or remove certain employee data sets and certain reports that included the personal and medical information related to our current and former patients, employees, and related individuals.”
Names, contact information, dates of birth, and Social Security numbers were potentially impacted by the breach.
OakBend said it was cooperating with the FBI to investigate the cybercriminals and have since implemented additional security measures.
“It is possible you may receive spam email messages and/or other fraudulent communications using your contact information,” OakBend also noted.
“We want to urge you to be cautious when opening links or attachments from unknown third parties. Be particularly careful if you receive emails asking for your login/password information at various financial institutions and/or from the IRS, as such emails are likely fraudulent.”
The medical center also suggested that impacted individuals review account statements and credit reports with care and report any fraudulent activity.