The data of as many as 16,000 patients of Redwood Eye Care Center in Vallejo, CA, was compromised in a ransomware attack, Security Boulevard reports.
A law firm representing the ophthalmology practice described the incident in a letter to California Attorney General Xavier Becerra.
According to the letter, Redwood learned in September that its electronic medical records hosting vendor, IT Lighthouse, experienced a data security incident that affected Redwood patient records. Affected data may have included patient names, addresses, dates of birth, health insurance information and medical treatment information.
Redwood notified 16,055 California residents of the incident, according to the letter.
“Redwood has taken affirmative steps to prevent a similar situation from arising in the future,” the letter continues. “These steps include changing medical records hosting vendors and enhancing the security of patient information.”
In its letter to patients, Redwood described the incident in this way:
Advertisement
On September 20, 2018, we learned that at sometime during the night of September 19, 2018, IT Lighthouse, the third-party vendor that hosts and stores our electronic medical records experienced a ransomware attack that affected our patient records. Ransomware is a type of malicious software that is used by cybercriminals to encrypt or lock up files on computers or servers and demand a ransom payment in order to restore access to the locked information. This ransomware attack locked the server that stored some of our patient information.
Read more at the Security Boulevard