Practice Announcements and Updates
February 16, 2018
Privacy Event at Jemison Internal Medicine, PC
Jemison Internal Medicine, PC (“JIM”) has advised its patients of a privacy event that may have compromised certain personal information. The incident is believed to be the result of criminal activity.
On December 20, 2017, JIM’s computer system was infected by a ransomware virus that encrypted its electronic medical record (EMR) software containing patients’ medical records. The ransomware demanded monetary payment from JIM in order to decrypt the files and allow the practice to regain access to them. JIM did not pay the ransom to the cyber criminals, but instead removed the virus by reinstalling the operating system on its server and then restoring its patient records from backup copies. Subsequent scans of the practice’s computer system have shown no additional indications of the ransomware.
JIM’s investigation of the incident did find, however, that the ransomware attack was launched by an unknown hacker who gained access to its computer system without its knowledge between September and December 2017. JIM has not found any confirming that the hacker actually accessed any files within its EMR system during the times he gained access, but it is possible that he could have done so. Therefore, JIM has chosen to notify all of its patients about the incident out of an abundance of caution. In that regard, it is possible that this unauthorized individual could have accessed files in JIM’s EMR system, which includes patient information, including names, addresses, telephone numbers, Social Security numbers, dates of birth, driver’s license numbers, treatment or procedure information, prescription information, and/or healthcare insurance information.
JIM takes the protection of its patients’ personal information seriously and has taken immediate steps in response to learning of this incident, including changing all passwords to access its system and disabling remote connectivity into its system. JIM also is reviewing its policies and procedures and evaluating other steps to further strengthen the security of its patients’ information.
“We take patient privacy seriously and are very sorry for any concern or inconvenience this incident has caused or may cause to anyone who has been affected,” said Dr. Jay Patel, JIM’s physician. Those who believe they may have been affected by this incident should contact JIM’s dedicated incident response hotline at (888) 257-0054.