Notice of a Data Breach

WILLOW GROVE, Pa., May 14, 2024 /PRNewswire/ — On or around February 6, 2024, Hypertension-Nephrology Associates, P.C. (“the Practice”) became aware it was the target of an extortion attack when an extortion note was found on its computer system. Upon discovery of the extortion note, the Practice took immediate action including engaging cybersecurity experts and launching an investigation to understand the nature and scope. In an extortion attack, cybercriminals gain unauthorized access to a victim’s sensitive information, such as protected health information (PHI), and then threaten to disclose the PHI unless a ransom is paid.

The forensic investigation determined the cybercriminals accessed the Practice’s systems containing information on both current and former patients between January 20, 2024, and February 6, 2024. During this time, they exfiltrated data containing PHI. A comprehensive review was conducted in an effort to determine the scope of affected PHI. The review concluded on March 15, 2024. Because the review was unable to determine the scope and full extent of the accessed and exfiltrated data, the Practice is treating all PHI as potentially compromised.

The potentially compromised PHI may have included name, date of birth, diagnosis and treatment information, Social Security number, and health insurance identification number. To date, the Practice has no indication that any PHI has been misused.

The Practice takes the protection of the information in its care seriously. In addition to engaging cybersecurity experts and outside HIPAA counsel, the Practice implemented (and is continuing to implement) additional security measures to safeguard the information in its care.

The Practice is in the process of mailing notification letters to all potentially impacted individuals and provided a call center to answer individuals’ questions. The Practice also provided notice to applicable regulators. The Practice is offering complimentary credit monitoring to all impacted individuals.

For questions about this incident, individuals should call 1-888-973-9859, which is available Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

SOURCE Hypertension Nephrology Associates
