Notice to Our Patients of Ransomware Attack
The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This notice is to inform you of an incident involving some of that information.
On August 30, 2016, we became aware of a ransomware attack of our computer system. We immediately began an investigation, reset passwords, removed the server from the system, and began using back up to our system. We engaged a leading forensic firm to assist in the investigation and we determined that an unknown person remotely accessed a server which contained files that may have included patients’ names, telephone numbers, dates of service, types of service or treatment, and amounts paid.
We have no indication that the patients’ information has been used in any way, but wanted to notify you of this incident and assure you that we take it very seriously.
We began mailing letters to affected patients on December 27, 2016, and have established a dedicated call center to answer any questions. If you believe you are affected but do not receive a letter by January 14, 2017, please call 1-866-263-4159 between 9 a.m. and 7 p.m. Eastern Time, Monday through Friday.
We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.