Placerville, Calif.-based Shingle Springs Health and Wellness Center discovered that its server infrastructure was infected with ransomware on April 7, which may have compromised the protected health information of 21,513 patients.
PHI that may have been affected as a result of the cybersecurity breach include names, health insurance information, provider name, date of service, amount paid/owed, diagnosis codes, addresses, phone numbers and Social Security numbers, according to a statement Shingle Springs published to its website.
The medical center said it is unaware of any attempted misuse of any patients' PHI due to the ransomware attack, which encrypted Shingle Springs' files, disabled its information systems and prevented clinical staff from accessing them. Shingle Springs provides medical, behavioral, dental and pharmacy services.
After discovering the ransomware, Shingle Springs reported the cyberattack to the FBI and notified the Indian Health Service, a branch within HHS that oversees health services for Native American Tribes and Alaska Native people, according to the statement. The medical center also implemented new servers, system upgrades and updates to all workstations and is offering one year of free credit monitoring to patients whose information may have been compromised.