A pediatrics practice , ABCD Pediatrics , serving the San Antonio , Texas metropolitan area reported that it was hit with a ransomware attack Attack.Ransom , but existing antivirus software helped to slow down the attack , and the practice 's IT vendor successfully removed the virus and all corrupt data from its servers . However , because hackers may have accessed Attack.Databreach portions of the practice ’ s network , the pediatrics group is offering identity and credit protection services from Equifax Personal Solutions to all of its patients . The pediatrics group , which has four locations , posted a “ HIPAA Notification ” on its website , regarding an incident that may have affected patients ’ protected health information ( PHI ) . The practice stated that the notice was made in compliance with the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) . Prior to the attack , ABCD Pediatrics had a variety of security measures in place , including network filtering and security monitoring , intrusion detection systems , firewalls , antivirus software , and password protection , according to the organization ’ s statement . On February 6 , 2017 , an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD ’ s servers . The encryption was slowed significantly by existing antivirus software . Upon discovery , ABCD immediately contacted its IT vendor , and ABCD ’ s servers and computers were promptly moved offline and analyzed . The virus was identified as “ Dharma Ransomware , ” which is a variant of an older ransomware virus called “ CriSiS , ” according to the organization ’ s IT vendor . “ ABCD ’ s IT company reported that these virus strains typically do not exfiltrate Attack.Databreach ( “ remove ” ) data from the server ; however , exfiltration could not be ruled out . Also , during the analysis of ABCD ’ s servers and computers , suspicious user accounts were discovered suggesting that hackers may have accessed Attack.Databreach portions of ABCD ’ s network , ” the organization stated . The IT vendor successfully removed the virus and all corrupt data from its servers , and the practice said that secure backup data stored separately from its servers and computers was not compromised by the incident , and it was used to restore all affected data . According to the organization , no confidential information was lost or destroyed , including PHI , and the practice group never received a ransom demand Attack.Ransom or other communications from unknown persons . In addition to notifying its patients , ABCD notified the FBI and the U.S. Department of Health and Human Services . According to the HHS ’ Office of Civil Rights ’ data breach Attack.Databreach portal , the incident affected 55,447 patients . While the IT vendor found no evidence that confidential information was actually acquired or removed Attack.Databreach from its servers and computers , it could not rule out the possibility that confidential information may have been viewed Attack.Databreach and possibly was acquired Attack.Databreach , according the ABCD Pediatrics ’ statement . Affected information may have included patients ’ names , addresses , telephone numbers , dates of birth , Social Security Numbers , insurance billing information , medical records , and laboratory reports . Following this incident , ABCD ’ s IT vendor located the source of the intrusion and implemented additional security measures , including state of the art cyber monitoring on its network , the organization said . In addition to the identity and credit protection services from Equifax , the pediatrics group recommended that patients also place a fraud alert on their credit files .

ABCD Pediatrics , PA ( “ ABCD ” ) is committed to providing quality pediatric healthcare in the San Antonio area . Our mission is to provide the best care , to each patient , every time . With that being said , ABCD is writing to inform you about an incident that may have affected its patients ’ protected health information . This notification is made in compliance with the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) , Public Law 104-191 , and the included Administrative Simplification provisions . During the morning of February 6 , 2017 , an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD ’ s servers . The encryption was slowed significantly by existing antivirus software . Upon discovery , ABCD immediately contacted its IT Company , and ABCD ’ s servers and computers were promptly moved offline and analyzed . ABCD ’ s IT Company identified the virus as “ Dharma Ransomware , ” which is a variant of an older ransomware virus called “ CriSiS. ” ABCD ’ s IT Company reported that these virus strains typically do not exfiltrate Attack.Databreach ( “ remove ” ) data from the server ; however , exfiltration could not be ruled out . Also , during the analysis of ABCD ’ s servers and computers , suspicious user accounts were discovered suggesting that hackers may have accessed Attack.Databreach portions of ABCD ’ s network . ABCD ’ s IT Company successfully removed the virus and all corrupt data from its servers . Secure backup data stored separately from ABCD ’ s servers and computers was not compromised by this incident , and it was used to restore all affected data . As a result , no confidential information was lost or destroyed , including protected health information . Also , please note that ABCD never received any ransom demands Attack.Ransom or other communications from unknown persons . However , ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time . In addition to notifying its patients , ABCD notified the Federal Bureau of Investigations ( “ FBI ” ) , and it will notify the Department of Health and Human Services . While ABCD ’ s IT Company found no evidence that confidential information was actually acquired or removed Attack.Databreach from its servers and computers , it could not rule out the possibility that confidential information may have been viewed Attack.Databreach and possibly was acquired Attack.Databreach . Importantly , ABCD can not confirm with a high degree of likelihood that confidential information remained secure throughout this incident . Generally , affected information may have included one ’ s name , address , telephone , date of birth , other demographic information , Social Security Number , insurance billing information , current procedural technology codes , medical records , and laboratory reports . ABCD takes its patient ’ s privacy and the security of their information very seriously . ABCD had a variety of security measures in place before this incident , including network filtering and security monitoring , intrusion detection systems , firewalls , antivirus software , and password protection . Following this incident , ABCD ’ s IT Company located the source of the intrusion and implemented several measures to ensure this kind of incident does not occur again , which include state of the art cyber monitoring on its network . ABCD and its IT Company continue to assess its physical and cyber security . We have arranged with Equifax Personal Solutions to help protect the identity and credit information of all patients . Patients can call 844-420-6493 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time to determine whether they were affected . Also , if any patient has questions , they can call this same number to speak with a customer service representative about the incident . Patients also can place a fraud alert on their credit files with the three major credit reporting agencies . A fraud alert is a consumer statement added to one ’ s credit report . The fraud alert signals creditors to take additional steps to verify one ’ s identity prior to granting credit . This service can make it more difficult for someone to get credit in one ’ s name , though it may also delay one ’ s ability to obtain credit while the agency verifies identity . Fraud alerts are free and last 90 days unless you manually renew it or use the automatic fraud alert feature within a Credit Watch subscription . Patients also may want to order their credit report . By establishing a fraud alert , patients will receive a follow-up letter that will explain how they can receive a copy of their credit report . When patients receive their credit report , examine it closely and look for signs of fraud , such as credit accounts that are incorrect . Even though a fraud alert has been placed on their account , patients should continue to monitor future credit reports to ensure an imposter has not opened an account . If patients want to place a security freeze , they will need to call all three credit bureaus ( information listed above ) and place a security freeze on thier credit report . Charges to place and/or remove a security freeze vary by state and credit agency . We deeply regret any inconvenience this incident may have caused . If patients have questions , please call 844-420-6493 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time .