Primary Health & Wellness Center, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Primary Health & Wellness Center, LLC (PHWC), located in Maryland, experienced a ransomware attack on October 20, 2023. The incident was reported to the U.S. Department of Health and Human Services (HHS) on December 17, affecting 4,792 patients. The server that was encrypted contained medical records from 2018 to the present, including patient names, addresses, dates of birth, Social Security Numbers, and medical records.
In response to the attack, PHWC engaged a computer forensics incident response team and notified the FBI. The ransomware variant identified was Phobos, which gained access through remote desktop. PHWC has since disabled and secured the remote access and found no further vulnerabilities. There were no definitive indicators that patient data or protected health information was exfiltrated, and Phobos ransomware is not known for exfiltrating patient data.
Despite no evidence of data misuse, PHWC has advised patients to remain vigilant against potential fraud or identity theft by monitoring their account statements and credit reports. They have also provided guidance on steps to protect personal information and offered a toll-free inquiry line for additional support.
PHWC has taken measures to prevent similar incidents in the future and has expressed commitment to the confidentiality and security of patient data, in compliance with the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act[1].
Citations:
- https://www.databreaches.net/primary-health-wellness-center-llcs-public-notice-of-ransomware-incident/
- http://www.newbridgehealth.org
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
- https://www.torrancememorial.org
- https://www.primaryhealthandwellness.com
- https://www.tricare.mil
- https://www.jdsupra.com/legalnews/us-wellness-announces-data-breach-1682158/
- https://ufhealth.org
- https://www.linkedin.com/posts/jaredrimer_ny-catholic-health-patients-may-have-fallen-activity-7062602670246658048-kcEm
- https://www.humana.com
- https://www.linkedin.com/posts/jaredrimer_fourth-circuit-decision-in-marriott-data-activity-7101428271715667968-Pg_8
- https://www.northwell.edu
- https://breachdata.topwords.me/hipaa?limit=20&offset=20&sort=reported_date
- https://member.carefirst.com
- https://hcahealthcare.com/about/privacy-update.dot
- https://www.miamiherald.com/news/business/article285167252.html