Milwaukie, Ore.-based Monterey Health Center announced Oct. 11 that it is notifying patients their protected health information may have been exposed because of a ransomware attack.
Monterey Health Center discovered Aug. 12 that its EMR system had been encrypted because of a ransomware attack. Immediately, the medical center worked to restore access to the records systems so patient care would not be disrupted.
After working with a third-party vendor, Monterey Health Center was able to restore the encrypted data. A forensic investigator confirmed that no data had been removed from the server. However, the medical center was unable to determine if any patient information had been accessed.
Patient data stored in the affected server included names, addresses, driver's licenses, financial account information, Social Security numbers, dates of birth, medical histories, diagnoses/conditions, lab/test results, treatment information, medications, health insurance information and claims information.
"As part of its ongoing commitment to the privacy and security of patient information, [Monterey Health Center] is working to review existing policies and procedures and to implement additional safeguards to further secure the information in its systems," the medical center said in a statement.