Southeastern Council on Alcoholism and Drug Dependence Notifies Patients Following Ransomware Attack

The Southeastern Council on Alcoholism and Drug Dependence is notifying 25,000 patients that their PHI has been compromised in a ransomware attack.

SCADD, based in Lebanon, Connecticut, first detected disruptions to their network on February 18, 2019. An investigation was immediately launched, which revealed that ransomware had been installed on its system. The attack resulted in widespread encryption of patient files.

Ransomware is malware variant which denies the user access to their device, or individual files on the device until a ransom has been paid to the scammer. Ransomware attacks are becoming increasingly common, particularly against organisations in the healthcare industry due to the high black-market of healthcare data.

The investigators determined that the files included information including patient names, addresses, Social Security numbers, medical histories, and treatment information. SCADD contracted a third-party cybersecurity company to assist with the breach investigation.

The investigators did not uncover any evidence to suggest that the hacker accessed or downloaded any patient information. However, access could not be ruled out definitively.

Consequently, SCADD reported the incident was reported to the HHS’ Office for Civil Rights as a potential data breach. Following HIPAA’s Breach Notification Rule, notification letters have been sent to affected patients. SCADD has stated that they have yet to receive reports that patient data has been misused.

As an act of good faith, SCADD is offering affected individuals credit monitoring and identity protection services at no cost. It has set up a toll-free line which individuals may call to gather more information about the breach. The breach notification letters contained information on how patients can help protect themselves against identity theft.

The breach summary on the OCR website indicates up to 25,148 patients have been affected by the incident.

Tags

Murphy Miller

Murphy Miller

Murphy Miller is the Editor of Healthcare IT Journal, a leading newspaper in the healthcare information technology. Murphy's work covers a variety of topics including healthcare information technology advancements, health policy and compliance, patient privacy and confidentialy, and the financial aspects of healthcare. As the editor of the Healthcare IT Journal, Murphy Miller provides straightforward, informative content to guide professionals and policymakers in the healthcare and IT fields.

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name

Read Next

Scroll to Top

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name