Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
February 16, 2018
Company: Jemison Internal Medicine, PC
Location: Jemison, Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,550

Recently, Jemison's computer system was infected by a ransomware virus that encrypted its electronic medical records system containing its patient's medical records. The ransomware demanded monetary payment from JIM in order to decrypt the files and allow the practice to regain access to them. JIM did not pay the ransom to the cyber criminals, but was instead able to restore its files and the functionality of its system through backup records. Subsequent scans of JIM's system show no further sign of the ransomware, and its investigation does not show any indication that the ransomware exfiltrated any data off its system. However, through its investigation of the incident, JIM discovered that its computer system previously had been accessed without its knowledge by unauthorized individuals not affiliated with JIM between September and December 2017. JIM is not able to confirm which, if any, files or patient information were accessed by these unauthorized individuals, but it is possible that they could have accessed JIM's electronic medical records system containing patient names, addresses, telephone numbers, Social Security numbers, dates of birth, driver's license numbers, treatment or procedure information, prescription information, and/or healthcare insurance information. Although JIM is unable to confirm that any personally identifying information or patient health information was accessed by unauthorized individuals, out of an abundance of caution and because of its commitment to data security and privacy, JIM is notifying all of its patients about the incident in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Jemison Internal Medicine, PC
Location: , Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,550

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV