Utah-based medical practice alerts 320,000 patients to security breach

Premier Family Medical, a US healthcare provider with 10 facilities across Utah, is alerting 320,000 patients to a ransomware incident that left the organization unable to access data from its systems.

In a security alert posted to the organization’s website, Premier said that it experienced a ransomware attack on July 8 that had affected all of its locations in the Salt Lake state.

“Premier was temporarily unable to access data from certain systems within its organization,” the alert states.

“Premier promptly informed law enforcement and engaged technical consultants to investigate and regain access.”

The organization runs clinics and healthcare facilities that specialist in general medical care.

The Daily Swig asked the healthcare provider about the type of patient information that was compromised, and to learn any additional details related to the attack. One of its facilities explained that it was not providing further comment at this time.

Premier Family Medical is yet to respond to our questions, but it has said something about another important point – how it intends to keep consumers informed about the situation.

“Patients who have been treated at any of Premier’s ten Utah County locations will receive notification of the ransomware event later next week, including information about how to address concerns or questions to Premier,” the alert, dated August 30, explains.

In accordance with US health data protection rules under HIPAA, Premier notified the US Department of Health and Human Services (HSS) about the 320,00 patient records that had been impacted in the security incident.

This submission was only filed on September 7 but appears to fall under the 60-day period for reporting a breach if Premier only became aware of the incident on July 8.

Ransomware rash

Premier’s disclosure follows highly publicized ransomware incidents throughout the US, most notably involving attacks against local government entities.

The state of Texas, for instance, continues to recover from an attack that crippled 22 of these such organizations in August.

“Information security is everyone’s responsibility,” said Amanda Crawford, executive director of the Department of Information Resources in Texas.

“From IT providers to end users, we all must remain vigilant and practice good cyber hygiene practices.”

Additional reporting by James Walker

YOU MAY ALSO LIKE US medical records firm to settle HIPAA violations over data intrusion