Primary Health & Wellness Center, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Primary Health & Wellness Center, LLC (PHWC), located in Maryland, experienced a ransomware attack on October 20, 2023. The incident was reported to the U.S. Department of Health and Human Services (HHS) on December 17, affecting 4,792 patients. The server that was encrypted contained medical records from 2018 to the present, including patient names, addresses, dates of birth, Social Security Numbers, and medical records.

In response to the attack, PHWC engaged a computer forensics incident response team and notified the FBI. The ransomware variant identified was Phobos, which gained access through remote desktop. PHWC has since disabled and secured the remote access and found no further vulnerabilities. There were no definitive indicators that patient data or protected health information was exfiltrated, and Phobos ransomware is not known for exfiltrating patient data.

Despite no evidence of data misuse, PHWC has advised patients to remain vigilant against potential fraud or identity theft by monitoring their account statements and credit reports. They have also provided guidance on steps to protect personal information and offered a toll-free inquiry line for additional support.

PHWC has taken measures to prevent similar incidents in the future and has expressed commitment to the confidentiality and security of patient data, in compliance with the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act[1].

Citations:

  1. https://www.databreaches.net/primary-health-wellness-center-llcs-public-notice-of-ransomware-incident/
  2. http://www.newbridgehealth.org
  3. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
  4. https://www.torrancememorial.org
  5. https://www.primaryhealthandwellness.com
  6. https://www.tricare.mil
  7. https://www.jdsupra.com/legalnews/us-wellness-announces-data-breach-1682158/
  8. https://ufhealth.org
  9. https://www.linkedin.com/posts/jaredrimer_ny-catholic-health-patients-may-have-fallen-activity-7062602670246658048-kcEm
  10. https://www.humana.com
  11. https://www.linkedin.com/posts/jaredrimer_fourth-circuit-decision-in-marriott-data-activity-7101428271715667968-Pg_8
  12. https://www.northwell.edu
  13. https://breachdata.topwords.me/hipaa?limit=20&offset=20&sort=reported_date
  14. https://member.carefirst.com
  15. https://hcahealthcare.com/about/privacy-update.dot
  16. https://www.miamiherald.com/news/business/article285167252.html
Breach Submission Date Dec 17, 2023
Converted Entity Name Primary Health & Wellness Center, LLC
Converted Entity Type Healthcare Provider
State MD
Individuals Affected 4,792
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes