ABCD Pediatrics, located in San Antonio, Texas has notified the Office for Civil Rights that a ransomware cyber intrusion has resulted in access to its servers, including the protected health information (PHI) of its patients. The ransomware used by the attackers was Dharma. The practice found through forensic analysis that access had been gained to the systems prior to deployment of the encryption ransomware.
The attack compromised the PHI of over 55,000 patients, presumably all or mostly all minors. The information compromised included the patients’ names, addresses, telephone numbers, demographic information, dates of birth, Social Security numbers, insurance information, medical records, procedural codes and results of lab tests.
ABCD restored the data without paying the ransom. Nonetheless, 55,000 pediatric patients’ personal information was compromised.