A cyber attack on Jones Eye Clinic and its surgery center has possibly affected thousands of customers.
The Jones Eye Center, P.C. and CJ Elmwood Partners, L.P., said that 40,000 people were affected by a cyber attack with patients’ protected health information possibly accessed, according to a release from the Jones Eye Clinic and the Surgery Center administrator.
Affected information was contained in their billing and scheduling software. It included full names, addresses, dates of birth, dates of service, medical record numbers, and a general description of the clinic visit or surgery. Some may have had the Social Security number, insurance status, and claim information affected. Financial information such as bank account or credit card information was not included.
They said that patients of Jones Eye Clinic and the Surgery Center who had services or registered between January 1, 2003, and August 23, 2018 may have been affected and that they have already been notified of the attack.
A staff member learned of the attack on the morning of August 23, 2018. The attack was made through ransomware, a type of computer virus that locks up, or encrypts, information and demands a payment be made in order to unlock the information.
The attack ended after using backup information. They said they then and hired a forensic computer investigator and notified the FBI. They learned that on August 22, 2018, the virus was loaded onto the system.
A review by an expert showed that the attackers had the ability to access patient information contained in the patient billing and scheduling software, but did not impact electronic medical records.
They said that there is no indication that information has been misused, and that these types of attacks are usually financially motivated and not focused on obtaining patient information. Jones Eye Clinic and the Surgery Center notified affected individuals regarding the incident nonetheless due to the possibility of having been attacked.
Jones Eye Clinic and the Surgery Center encourage affected individuals to take precautionary measures to prevent identity theft or fraud. Letters sent to affected individuals contain steps that they should take. Until January 31, 2019, they are also eligible to enroll in free credit monitoring services for one year.
A confidential, toll-free hotline has been set up for individuals who have questions or concerns about this incident. People can call 1-877-299-1557, Monday through Friday, from 8:00 a.m. to 8:00 p.m. Individuals can also visit the Jones Eye Clinic website or the Surgery Center website for information regarding this incident.