On September 23, 2019, Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) discovered a ransomware attack on one of its servers that potentially exposed the protected health information of about 80,000 patients. SEMOMS is a Minnesota healthcare facility that specializes in treatments for the face, teeth, mouth, and jaw.
SEMOMS IT staff quickly responded and were able to restore the breached data. A third-party forensics team also investigated but could not determine whether patients' names and x-rays were accessed, and could not give a definitive answer concerning what patient data was exposed. It was not reported whether the ransom was paid or how much money the attackers demanded.
Patients are being notified as a precautionary measure, and SEMOMS confirmed that financial information, medical records, and Social Security numbers weren’t affected by the attack. Letters were sent to patients whose data was potentially compromised; the letters include information on what occurred and a 1-800 number to call to learn more about the security incident.
In response to the attack, SEMOMS is reviewing and updating its information security procedures and policies to prevent a similar event from occurring in the future. Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) is classified as a Healthcare Provider.
The HHS Wall of Shame is a website under the jurisdiction of the U.S. Department of Health and Human Services (HHS) that lists all HIPAA breaches reported within the previous 24 months. The Wall of Shame displays breaches that are being investigated by the Office for Civil Rights (OCR). The HHS Secretary must post a list of protected health information breaches affecting 500 or more people as part of section 13402(e)(4) of the HITECH Act.
The Paubox HIPAA Breach Report analyzes breaches that have impacted 500 or more individuals as reported in the HHS Wall of Shame.