Cleveland Medical Associates is providing about 22,000 sufferers identity protection services after a ransomware attack against the practice.
The five-clinician practice is giving a year of protective services through Equifax to both current and former sufferers whose information may have been affected.
Cleveland Medical Associates refused to give more details about the tragedy and also did not provide any extra statements about the attack.
The breach was discovered the morning of April 17. In response, the practice executed a new medical records system and engaged forensic specialists to verify the extent to which information was affected. The practice believes the motive for the attack was extortion and that access to patient health information wasn’t an end result of the attack.
“Based upon our inquiry, there is no evidence that your protected health information was taken from our system or misused as result of the incident,” the practice told patients in a notification letter. “Because we were not able to determine with reasonable certainty whether or not there was an unauthorized access of your information, however, we’re offering you with notification of this incident.”
Protected health information that could have been compromised involves patient names, addresses, demographics, telephone numbers, email addresses, clinical information, insurance billings and Social Security numbers.
The Equifax protection package offers credit monitoring, as much as $25,000 in identity theft insurance and automatic fraud alerts of changes to a credit report.