Patient HIPAA Notice Regarding Protected Health Information
On August 9, 2022, Family Medicine Shady Grove, LLC (FMSG) identified that its internal on-site server was encrypted with ransomware by a threat actor. Significantly, no patient medical records were included or impacted, as the company stores patient medical records on a cloud-based EMR. However, patient medical billing records were stored on the on-site server. The data included Explanations of Benefits, monthly billing printouts, and patient data such as name, address, and date of birth. No social security information or credit card information was included.
In response to this incident, FMSG retained a computer forensics team, and the FBI was also notified. The company was able to decrypt and recover its data as of September 5, 2022. The company’s workstations and server were secured, and no further vulnerabilities were identified.
FMSG has no evidence that any patient protected health information was acquired, exfiltrated, or misused for the purpose of committing fraud or identity theft. To date, there has been no indication that any patient protected health information was improperly utilized by any person. FMSG has also taken steps to ensure that similar incidents do not occur in the future. However, as a precautionary measure, patients should remain vigilant to protect against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. Individuals should promptly report any suspected fraudulent activity or identity theft to proper law enforcement authorities. Patients may also wish to review the tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes, and steps that they can take to avoid identity theft.
FMSG is fully committed to the preservation of the confidentiality and security of patient data. We take our responsibilities pursuant to the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act very seriously, and we genuinely apologize for this incident and inconvenience.
If you have any questions or concerns regarding this matter, additional information is available via a confidential, toll-free inquiry line at 855-933-4552 from 9:00 a.m. to 9:00 p.m. Eastern Standard Time, Monday through Friday.