Family Medicine Shady Grove LLC

Overview of the Breach at Family Medicine Shady Grove LLC

Family Medicine Shady Grove LLC (FMSG), based in Maryland, experienced a significant cybersecurity incident in August 2022. This incident involved a ransomware attack on the clinic’s internal on-site server. Despite the severity of the attack, it’s important to note that patient medical records, which are stored on a cloud-based Electronic Medical Records (EMR) system, were not impacted. However, the breach did affect patient medical billing records stored on the compromised server.

Details of the Incident

On August 9, 2022, FMSG discovered that its internal server had been encrypted with ransomware by an unauthorized actor. The data compromised in this breach included patient billing information such as Explanations of Benefits, monthly billing printouts, and personal data like names, addresses, and dates of birth. Fortunately, no social security numbers or credit card information were included in the breached data[3][4].

In response to the attack, FMSG took several steps to address and mitigate the breach’s impact. The clinic retained a computer forensics team to investigate the incident, and the FBI was notified. By September 5, 2022, FMSG was able to decrypt and recover the affected data. Further security measures were implemented to secure the clinic’s workstations and server, and no additional vulnerabilities were identified[3][4].

FMSG has stated that there is no evidence to suggest that any patient protected health information (PHI) was acquired, exfiltrated, or misused for fraudulent purposes or identity theft. To date, there have been no indications of misuse of any patient PHI[3][4].

Recommendations for Patients

As a precautionary measure, FMSG advises patients to remain vigilant in monitoring their account statements and credit reports for any suspicious activity. Patients are encouraged to report any suspected fraudulent activity or identity theft to the appropriate law enforcement authorities. Additionally, patients may find it beneficial to review tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes, and steps to avoid identity theft[3].

FMSG has expressed its commitment to the confidentiality and security of patient data and has taken steps to prevent similar incidents in the future. The clinic has also provided a toll-free inquiry line for patients with questions or concerns regarding the breach[3].

Conclusion

The ransomware attack on Family Medicine Shady Grove LLC highlights the ongoing cybersecurity challenges faced by healthcare providers. While the breach did not impact patient medical records thanks to the use of cloud-based EMR systems, it serves as a reminder of the importance of robust security measures to protect sensitive patient information. FMSG’s response to the incident demonstrates a proactive approach to addressing the breach and ensuring the security of patient data moving forward.

Citations:

1. https://myfamilymeddocs.com
2. https://www.zocdoc.com/practice/family-medicine-shady-grove-30804
3. https://www.thesentinel.com/classifieds/community/announcements/legal/patient-hipaa-notice-regarding-protected-health-information/ad_d70e37ec-441d-11ed-b459-0bf011e37047.html
4. https://healthitsecurity.com/news/pa-dermatology-practice-suffers-healthcare-data-breach-33k-impacted
5. https://blackkite.com/data-breaches-caused-by-third-parties/
6. https://casetext.com/case/kulshrestha-v-shady-grove-reprod-sci-ctr
7. https://myfamilymeddocs.com/about-us/
8. https://www.adventisthealthcare.com/news/2020/informs-patients-affected-by-blackbaud-data-breach/
9. https://abingtonlaw.com/Regional-Family-Medicine-Data-Breach-class-action-lawsuit.html
10. https://stacker.com/maryland/biggest-health-care-data-breaches-you-should-know-about-maryland
11. https://www.zocdoc.com/doctor/manisha-kalra-md-84502
12. https://myfamilymeddocs.com/patient-portal/
13. https://myfamilymeddocs.com/contact-us/
14. https://casetext.com/case/em-v-shady-grove-reprod-sci-ctr-pc-1
15. https://center.mdmalpracticeattorney.com/files/2013/12/SOC2010-521R.pdf
16. https://www.jdsupra.com/legalnews/regional-family-medicine-confirms-data-4926313/