Texas clinic notifies 37K people of data breach that compromised SSNs, passwords, and medical info
South West Family Medicine Associates, a clinic in Dallas, TX, yesterday confirmed it notified 36,959 people about an August 2024 data breach that compromised the following patient info:
- Name
- Social Security number
- Driver’s license number
- Date of birth
- Mailing address
- Medications
- Lab results
- Diagnoses and conditions
- Passwords
- Personal ID numbers
- Access codes
- Numbers or info used to access financial resources
- Passport number
- Mother’s maiden name
- Private keys used to authenticate or sign electronic records
- Tax ID numbers
- Health insurance policy number
Ransomware gang BianLian claimed responsibility for the attack shortly after it occurred.
SWFMA has not verified BianLian’s claim. We do not yet know whether the clinic paid a ransom, how much BianLian demanded, or how attackers breached the clinic’s network. Comparitech contacted SWFMA for comment and will update this article if it responds.
SWFMA’s notice to patients says, “After an extensive forensic investigation and internal document review, on October 24, 2024 we determined your personal data was subject to unauthorized access or acquisition, which occurred around August 7, 2024.”
The clinic is offering eligible victims free credit monitoring via IDX. The deadline to enroll is February 7, 2025.
Who is BianLian?
First appearing in late 2021, has claimed responsibility for attacks on the education, healthcare, and government sectors including Boston Children’s Health Physicians (910,000 records), Affiliated Dermatologists & Dermatologic Surgeons (373,000 records), and Texas Retina Associates (313,000 records).
In 2024, Comparitech researchers logged 30 confirmed attacks claimed by BianLian, with 13 of those against US healthcare companies. Those 30 attacks compromised more than 1.9 million records in total.
BianLian claimed responsibility for another 110 attacks in 2024 that haven’t been acknowledged by victims.
Ransomware attacks on US healthcare
Ransomware attacks on US healthcare providers can cripple key systems and endanger the privacy and security of patients. Hospitals and clinics may have to resort to pen and paper, cancel certain appointments, and divert patients elsewhere until systems are restored.
In 2024, Comparitech recorded 119 confirmed ransomware attacks on US hospitals, clinics, and medical businesses including pharmaceutical companies and medical device manufacturers. These attacks compromised more than 117.2 million records.
In another breach reported today, Planned Parenthood of Montana says 18,000 patients’ data was stolen in an attack launched by RansomHub, another ransomware gang.
About South West Family Medicine Associates
South West Family Medicine Associates is a clinic in Dallas, Texas. The same company also operates Southwest Mind and Body Care, also in Dallas. It employs less than 50 people, according to LinkedIn.
Source link