Affiliated Dermatologists says ransomware attack impacted over 370,000 patients and employees

New Jersey-based dermatological healthcare practice Affiliated Dermatologists experienced a major ransomware attack that compromised the sensitive personal information of more than 370,000 individuals.

 

In a data breach notice filed with the Maine Attorney General’s office, Affiliated Dermatologists said that it experienced a major cyber attack in the first week of March that involved attackers infiltrating its network and leaving a ransom note.

 

AD said it immediately disconnected access to the compromised network and launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

“On April 10, 2024, AD’s investigation determined that between March 2, 2024 and March 5, 2024, the unauthorised actor obtained access to certain systems and copied data from AD’s network, including the personal information of AD patients and employees,” the practice said.

 

According to a press release published by Affiliated Dermatologists, the compromised data included names, dates of birth, mailing addresses, social security numbers, medical treatment information, and health insurance claims information for patients. For employees, the compromised data included names, dates of birth, mailing addresses, social security numbers, driver’s license numbers, and passport numbers.

 

The company also revealed in its filing with the Maine Attorney General’s office that at least 373,379 individuals were impacted by the ransomware attack.

 

“AD has taken steps to further enhance its network security, including implementation of 24-7network security monitoring, multi-factor authentication for all remote access, and password resets for all accounts on the network,” AD added.

 

While AD found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, bank accounts and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

 

On March 25, the BianLian ransomware group claimed responsibility for the cyber attack on AD and listed the practice as a victim on its data leak site. The medical practice is yet to state if it engaged with the hackers or the quantum of the ransom demand.