Fort Washington, MD, August 05, 2017 --(PR.com
)-- Sport and Spine Rehab (SSR) has become aware of a data security incident that may have involved the personal and protected health information of its patients. SSR has sent notifications to the potentially involved patients to inform them of this incident and to provide resources to assist them.
On June 3rd 2017, Sport and Spine Rehab was the victim of a ransomware attack that encrypted the data stored on it's servers. Within minutes, SSR was alerted to the attack, the computer network was shut down, and SSR began an investigation. SSR also began to take steps to decrypt the impacted data and return to normal operations, both of which are now fully restored. While the investigation found no evidence to suggest that any files were opened nor information accessed by anyone outside of the SSR organization, SSR is acting out of an abundance of caution to protect patients from any unseen potential threats. SSR did determine that some files containing patient information were auto-encrypted/locked by the ransomware virus that infiltrated SSR's old system. The compromised information could include patient names, addresses, dates of birth, Social Security numbers, and medical information.
SSR takes the security of it's patients’ information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening preventative security measures, stringent wiping of it's system, locking down any access to servers with new protective programming, enhancing training of SSR employees to recognize and report potentially hazardous messages/programs, fortifying it's firewall, and intensifying it's backup and virus alert processes. SSR also is following the federal process for reporting this type of breach to the proper authorities.
The communication sent out to the potentially affected patients include information about the incident and steps to take in order to monitor and protect their personal information. Please note that only patients who were seen prior to May 1st, 2016 will have received the letter as the encryption took place within SSR's previous software and server. SSR's new software and server was not attacked so information and files related to patients who were new to the SSR office after May 1st, 2016 are not affected.
SSR has established a call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 8:00 a.m. to 6:00 p.m., Eastern Time and can be reached at 240-766-0300 option 7. SSR also has set up a toll-free number – (888) 689-4819. The privacy and protection of patient information is a top priority and SSR deeply regrets any inconvenience or concern this incident may cause.
Please visit www.ssrehab.com/security-2017 for more information and tips.