The Susan M. Hughes Centeris a cosmetic surgery and medical spa with locations in New Jersey and Pennsylvania. On December 27, they notified HHS of aransomwareincident affecting 11,400 patients.
The following is their statement about the incident:TheSusan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This notice is to inform you of an incident involving some of that information.On August 30, 2016, we became aware of a ransomware attack of our computer system. We immediately began an investigation, reset passwords, removed the server from the system, and began using back up to our system. We engaged a leading forensic firm to assist in the investigation and we determined that an unknown person remotely accessed a server which contained files that may have included patients’ names, telephone numbers, dates of service, types of service or treatment, and amounts paid.We have no indication that the patients’...(continued)