Cochise Eye and Laser in Sierra Vista, AZ, has been hit by a ransomware attack.
The Jan. 13 incident “involved the encryption of our patient scheduling and billing software,” according to a notice on the practice’s website.
“There is no evidence that the data was taken, only that it was encrypted, and in some cases deleted, making it impossible for us to access anything in our scheduling system,” the practice stated in the Feb. 13 notice. “Our office is still operating with paper charts, so we can continue care of our patients.”
The practice said it’s been augmenting its security measures as well as recovering data and creating a new offsite backup. We will be using charts to rebuild our schedules.
“Everyone seen after January 1st, 2020 will be called to reschedule follow up appointments, as we have no way of knowing when they were originally scheduled,” the practice stated. “Although there is no evidence the data was taken, this is considered a breach of protected health information. Names, dates of birth, addresses, phone numbers, and in some cases social security numbers were stored in our billing software.”
Cochise Eye and Laser is recommending that its patients place a fraud alert on their credit file.
The practice reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights, stating that records for up to 100,000 patients were affected.
Cochise Eye and Laser operates two optometry clinics and one medical/surgical office in Arizona.