Oregon Anesthesiology Group (OAG) experienced a cyberattack, potentially impacting about 750,000 patients and 522 current and former OAG employees.
At the beginning of December, OAG disclosed that it experienced a cyberattack on July 11, after which the company was briefly locked out of its servers.
On October 21, the FBI said it had seized an account belonging to a Ukrainian hacking group HelloKitty, which contained OAD patient and employee files. ZDNet was the first to report on the issue.
OAG obtained the cyber forensics report in late November, which showed that the cybercriminals, once inside, were able to data-mine the administrator’s credentials and access OAG’s encrypted data.
The data breach potentially impacted about 750,000 patients and 522 current and former OAG employees. They are now notifying individuals who may have been affected by the breach. However, OAG has no evidence to suggest actual or attempted misuse of information due to this incident.
Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers.
The cybercriminals had also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers, and other details from W-2 forms on file.
“Potentially impacted individuals should keep an eye out if any of their personal information is shared. They should be wary of any mail that seems suspicious, such as notices from the IRS regarding taxes, medical insurance claims for unknown services, or bills from unknown lenders. Impacted individuals should closely monitor financial accounts and set up alert features to keep them notified of any unusual events,” OAG said.
More from CyberNews:
Subscribe to our newsletter