Associates in Dermatology
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Associates in Dermatology (AID), a healthcare provider with multiple locations in Kentucky and Indiana, experienced a significant data breach as a result of a ransomware attack on one of its vendors, Virtual Private Network Solutions, LLC (VPN Solutions). The breach was first discovered around October 31, 2021, but the full extent of the compromised data was not confirmed until March 10, 2023. AID filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights on March 17, 2023[1][5][9].
The Breach Details
VPN Solutions, which provides electronic health record management software to AID, was targeted by a ransomware attack that led to unauthorized access to certain files on the company’s network. These files contained sensitive consumer data, including names, addresses, Social Security numbers, dates of birth, medical conditions, treatments, diagnoses, test results, health insurance policy numbers, subscriber identification numbers, and health plan beneficiary numbers. The specific data compromised varied with each individual[1][5][7][9].
Response and Mitigation
Upon discovering the breach, AID began a thorough review of the affected files to determine the scope of the information compromised and which consumers were impacted. By March 10, 2023, AID had completed this process and started sending out data breach notification letters to all individuals whose information was compromised as a result of the incident[1].
To address the aftermath of the breach, AID has offered free credit monitoring and identity theft protection services to patients potentially affected by the data breach. The provider has also taken steps to notify patients of the breach and the available services, encouraging them to sign up for the free credit monitoring services as a precaution[5][9].
VPN Solutions has reportedly taken measures to secure data against future incidents, including implementing robust security controls and endpoint detection/response solutions[5].
Legal and Consumer Information
Affected individuals have been advised to understand the risks and take steps to protect themselves from potential fraud or identity theft. This includes monitoring credit reports, being vigilant for signs of identity theft, and considering legal options[1].
Associates in Dermatology, established in 2017, operates 11 locations across Kentucky and Indiana, employing more than 40 people, including 18 physicians. The practice provides comprehensive general, surgical, and cosmetic dermatology care[1][11].
This incident highlights the importance of cybersecurity measures for healthcare providers and their vendors, especially those handling sensitive patient information.
Citations:
- https://www.jdsupra.com/legalnews/associates-in-dermatology-announces-8303613/
- https://nkytribune.com/2023/11/derm-aesthetics-cosmetic-dermatology-practice-in-florence-celebrated-grand-opening-this-week/
- https://www.hipaajournal.com/associates-in-dermatology-patients-affected-by-business-associate-ransomware-attack/
- https://www.statnews.com/2023/06/02/physician-assistants-associates-pas-new-name/
- https://www.newsandtribune.com/news/associates-in-dermatology-responds-to-data-breach/article_2899bdc2-c761-11ed-8723-37b953b2bfac.html
- https://www.cbsnews.com/news/melanoma-monday-tips-to-prevent-skin-cancer/
- https://www.thelyonfirm.com/blog/associates-in-dermatology-data-breach-investigation/
- https://www.bizjournals.com/louisville/news/2014/01/17/medical-practice-picks-east-end-over.html
- https://news.yahoo.com/associates-dermatology-responds-data-breach-022000767.html
- https://www.somerset-kentucky.com/news/local_news/new-dermatologist-coming-to-somerset/article_7cb32e0b-9245-51c1-b26b-2453a7335a22.html
- https://www.associatesindermatology.com
- https://www.syracuse.com/news/2018/12/post_1225.html
- https://sos-vo.org/news/associates-dermatology-responds-data-breach
- https://www.owensborotimes.com/life/health-wellness/2021/06/oh-moving-plastic-reconstructive-surgery-transferring-ownership-of-dermatology-practice/
- https://www.associatesindermatology.com/physicians-extenders/