Associates in Dermatology

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Associates in Dermatology (AID), a healthcare provider with multiple locations in Kentucky and Indiana, experienced a significant data breach as a result of a ransomware attack on one of its vendors, Virtual Private Network Solutions, LLC (VPN Solutions). The breach was first discovered around October 31, 2021, but the full extent of the compromised data was not confirmed until March 10, 2023. AID filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights on March 17, 2023[1][5][9].

The Breach Details

VPN Solutions, which provides electronic health record management software to AID, was targeted by a ransomware attack that led to unauthorized access to certain files on the company’s network. These files contained sensitive consumer data, including names, addresses, Social Security numbers, dates of birth, medical conditions, treatments, diagnoses, test results, health insurance policy numbers, subscriber identification numbers, and health plan beneficiary numbers. The specific data compromised varied with each individual[1][5][7][9].

Response and Mitigation

Upon discovering the breach, AID began a thorough review of the affected files to determine the scope of the information compromised and which consumers were impacted. By March 10, 2023, AID had completed this process and started sending out data breach notification letters to all individuals whose information was compromised as a result of the incident[1].

To address the aftermath of the breach, AID has offered free credit monitoring and identity theft protection services to patients potentially affected by the data breach. The provider has also taken steps to notify patients of the breach and the available services, encouraging them to sign up for the free credit monitoring services as a precaution[5][9].

VPN Solutions has reportedly taken measures to secure data against future incidents, including implementing robust security controls and endpoint detection/response solutions[5].

Legal and Consumer Information

Affected individuals have been advised to understand the risks and take steps to protect themselves from potential fraud or identity theft. This includes monitoring credit reports, being vigilant for signs of identity theft, and considering legal options[1].

Associates in Dermatology, established in 2017, operates 11 locations across Kentucky and Indiana, employing more than 40 people, including 18 physicians. The practice provides comprehensive general, surgical, and cosmetic dermatology care[1][11].

This incident highlights the importance of cybersecurity measures for healthcare providers and their vendors, especially those handling sensitive patient information.

Citations:

  1. https://www.jdsupra.com/legalnews/associates-in-dermatology-announces-8303613/
  2. https://nkytribune.com/2023/11/derm-aesthetics-cosmetic-dermatology-practice-in-florence-celebrated-grand-opening-this-week/
  3. https://www.hipaajournal.com/associates-in-dermatology-patients-affected-by-business-associate-ransomware-attack/
  4. https://www.statnews.com/2023/06/02/physician-assistants-associates-pas-new-name/
  5. https://www.newsandtribune.com/news/associates-in-dermatology-responds-to-data-breach/article_2899bdc2-c761-11ed-8723-37b953b2bfac.html
  6. https://www.cbsnews.com/news/melanoma-monday-tips-to-prevent-skin-cancer/
  7. https://www.thelyonfirm.com/blog/associates-in-dermatology-data-breach-investigation/
  8. https://www.bizjournals.com/louisville/news/2014/01/17/medical-practice-picks-east-end-over.html
  9. https://news.yahoo.com/associates-dermatology-responds-data-breach-022000767.html
  10. https://www.somerset-kentucky.com/news/local_news/new-dermatologist-coming-to-somerset/article_7cb32e0b-9245-51c1-b26b-2453a7335a22.html
  11. https://www.associatesindermatology.com
  12. https://www.syracuse.com/news/2018/12/post_1225.html
  13. https://sos-vo.org/news/associates-dermatology-responds-data-breach
  14. https://www.owensborotimes.com/life/health-wellness/2021/06/oh-moving-plastic-reconstructive-surgery-transferring-ownership-of-dermatology-practice/
  15. https://www.associatesindermatology.com/physicians-extenders/
Breach Submission Date Mar 17, 2023
Converted Entity Name Associates in Dermatology
Converted Entity Type Healthcare Provider
State KY
Individuals Affected 8,517
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes