The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

Posted By on Nov 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The attack occurred between January 26 and January 28, 2022, and while the attack was detected by the firm’s endpoint security solution shortly after the ransomware was executed, it was not possible to prevent the encryption of certain files on its network.

Third-party security experts were engaged to investigate the nature and scope of the attack, with the investigation concluding on or around May 2, 2022, that files containing the protected health information of patients and employees may have been accessed and exfiltrated from its network. The investigation confirmed that its electronic health record system and its human resources systems were not affected by the attack.

A comprehensive review of all files potentially compromised in the attack revealed they contained the protected health information of 877,584 current and former patients, employees, and job applicants. Affected patients had their names, birth dates, patient numbers, Social Security numbers, financial account numbers, and/or health insurance information exposed. Current and former employees and job applicants have had their names, birth dates, Social Security numbers, driver’s license numbers, and/or state IDs exposed, as well as financial account numbers for a limited number of individuals.

Wright & Filippis said that at the time of issuing notification letters, no evidence had been found to suggest any actual or attempted misuse of the stolen information; however, out of an abundance of caution, affected individuals have been offered complimentary access to identity monitoring, fraud consultation, and identity theft restoration services. The delay in issuing notifications to affected individuals was due to the time-intensive process of investigating the breach, reviewing the affected files, and confirming contact information for affected individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Wright & Filippis said the company has implemented additional endpoint detection and response software, reset all passwords, and rebuilt all the affected servers.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist