Ransomware attack on Access Sports impacted over 88,000 patients

Dover, New Hampshire-based healthcare provider Access Sports Medicine & Orthopaedics said it experienced a data security incident that compromised the sensitive personal information of close to 90,000 individuals.

 

In a filing with the Office of Maine Attorney General, Access Sports Medicine & Orthopaedics said that on May 10, it identified suspicious activities in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the investigation.

 

“As a result of the investigation, Access Sports learned that an unauthorised actor accessed certain files and data stored within our network,” Access Sports said.

 

The compromised data included names, Social Security numbers, dates of birth, financial information, medical information, and health insurance information. The healthcare provider’s filing with the Maine state regulator revealed that at least 88,044 individuals were impacted by the data security incident.

 

“Upon detecting this incident, we moved quickly to initiate an investigation, which included retaining a leading forensic investigation firm that assisted in conducting an investigation and confirming the security of our network environment.

 

“We also deployed additional monitoring tools and will continue to enhance the security of our systems. We take the protection and proper use of personal information very seriously,” Access Sports added.

 

While the healthcare provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

 

On May 18, the INC ransomware group claimed responsibility for the cyber attack on Access Sports and listed it as a victim on its data leak site. It is not known if the healthcare provider managed to regain access to the stolen data or purchase a decryption key.