Asheville Arthritis Centre says data security incident impacted over 58,000 patients

Asheville, North Carolina-based healthcare provider Asheville Arthritis and Osteoporosis Centre said that the data security incident it suffered earlier this year compromised the sensitive personal information of more than 58,000 individuals.

 

In a data security incident notice posted on its website, Asheville Arthritis said that on May 22, it experienced a cyber attack on its systems and quickly launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the attack and notified relevant law enforcement authorities about the same.

 

“Asheville Arthritis’s investigation indicates that files containing certain individual and health information may have been compromised by an unauthorised third party,” reads the notice.

 

The hospital said the compromised data included names, addresses, dates of birth, phone numbers, social security numbers, and certain medical information including medical notes, lab results, diagnosis, and health insurance information.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Asheville Arthritis said that it has identified at least 58,251 individuals who were affected by the data security incident.

 

“Upon detecting this incident, we moved quickly to initiate a response, which included conducting an investigation and ensuring the environment had been secured.  We contacted law enforcement and retained cybersecurity forensic experts to help us ensure an attack like this does not happen again,” the healthcare provider added.

 

While Asheville Arthritis found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The healthcare provider has also offered complimentary identity protection and credit monitoring services to patients whose personal and healthcare information was accessed during the cyber security incident.