Austin Cancer Centers is informing 36,503 patients regarding the exposure of some of their protected health information (PHI) because of a security incident identified on August 4, 2021.
Unauthorized people were found to have acquired access to computer systems and put in malware. To avoid continuing unauthorized access, computer systems were quickly turned off and law enforcement was informed. Since that time, Austin Cancer Centers has engaged with cybersecurity specialists to understand the specific nature and extent of the incident. Austin Cancer Centers stated the malware is already gone, systems were restored and made secure, and its facilities are available.
Based on the forensic investigation of the security incident, hackers initially obtained access to its computer networks on July 21, and likely had access until the breach was uncovered on August 4. An extensive evaluation was performed to determine all files on the system that hackers could have accessed. Those records were found to include patient data like names, birth dates, addresses, medical notes and insurance carrier names. The Social Security numbers and credit card numbers of a number of patients were likewise compromised.
Austin Cancer Centers does not believe the attackers got access to the whole network, however, the decision was made to give notifications to 36,500 patients as a safety precaution. Because the attackers didn’t have access to its network since August 4, new patients who obtained health services after that time were certainly not affected.
Austin Cancer Centers mentioned the attackers were able to prevent discovery and conceal their activities, which is why it took about two weeks to uncover the security breach. All through the investigation the top main concern was to make sure systems were safe and patient information was secured, therefore notifications were late until it was sure that proper safety steps were set up.
There is no information yet regarding the precise nature of the malware attack, which includes whether it was ransomware because the investigation into the security breach is continuing. Austin Cancer Centers mentioned more information concerning the incident will be provided to the impacted persons through its website when it is considered proper for the details to be published.
Since the breach happened, Austin Cancer Centers has enforced more technical safety measures to further improve security. The entire workforce also got rigorous privacy and security training.
Impacted individuals received a one-year membership to the Equifax Credit Watchâ„¢ Gold credit monitoring service at no cost. They also received automatic fraud notifications and insurance through a $1,000,000 identity theft insurance policy.
Austin Cancer Center CEO, Laurie East expressed that they are greatly saddened and disappointed by this security incident. Looking after their patients through medically stressful times is their primary business. The center expresses its apologies to all impacted patients for any issue created and will do what it can to take care of the circumstance and assist them through the required steps to make certain their data security.