MILWAUKIE, Ore., Oct. 11, 2019 /PRNewswire/ — Monterey Health Center today announced a recent event that may have impacted the privacy of personal information relating to certain current and former patients. While Monterey Health Center is unaware of any attempted or actual misuse of personal information in relation to the event, they are providing potentially affected individuals with notice of the event, their response to it, and steps individuals may take to better protect against the possibility of identity theft and fraud, should they feel it is necessary to do so.
On August 12, 2019, Monterey Health Center became aware that its electronic medical records system became encrypted due to “ransomware” deployed by an unknown actor. Because the server that was encrypted stored patient medical records, Monterey Health Center worked quickly to (1) restore access to the patient information so they could continue to care for patients without disruption; and (2) investigate what happened and whether this incident resulted in any unauthorized access to, or theft of, patient information by the unknown actor.
Working with a third-party vendor Monterey Health Center was able to successfully restore the data contained on the impacted server. The forensic investigator also confirmed there was no exfiltration of data. Unfortunately, after an extensive investigation, Monterey Health Center was unable to determine whether this incident resulted in unauthorized access to patient information. Although Monterey Health Center has no indication that any patient information was viewed or stolen by an unauthorized actor, it is notifying potentially affected individuals about this incident in an abundance of caution due to the uncertain nature of the incident. The types of information stored on the impacted server includes: name, address, driver’s license, financial account information, Social Security number, date of birth, medical history, diagnosis/conditions, lab/test results, treatment information, medications, health insurance information, and/or claims information.
Monterey Health Center is notifying potentially affected individuals by this posting, notice on its website, and by mailing letters to potentially affected individuals. Additional information about this incident can be obtained at Monterey Health Center’s website at montereyhealthcenter.org. Monterey Health Center recommends that its patients review their Explanation of Benefits forms and report any unusual activity to their insurance company.
Monterey Health Center takes this incident and the security of the information in its care very seriously. Monterey Health Center has updated its processes to further strengthen their systems to protect personal information and will continue to work with third-party experts to help ensure the highest levels of security.
SOURCE Monterey Health Center