Notice of a Data Breach

May 15, 2024

2 Min Read


WILLOW GROVE, Pa., May 14, 2024 /PRNewswire/ -- On or around February 6, 2024, Hypertension-Nephrology Associates, P.C. ("the Practice") became aware it was the target of an extortion attack when an extortion note was found on its computer system. Upon discovery of the extortion note, the Practice took immediate action including engaging cybersecurity experts and launching an investigation to understand the nature and scope. In an extortion attack, cybercriminals gain unauthorized access to a victim's sensitive information, such as protected health information (PHI), and then threaten to disclose the PHI unless a ransom is paid.

The forensic investigation determined the cybercriminals accessed the Practice's systems containing information on both current and former patients between January 20, 2024, and February 6, 2024. During this time, they exfiltrated data containing PHI. A comprehensive review was conducted in an effort to determine the scope of affected PHI. The review concluded on March 15, 2024. Because the review was unable to determine the scope and full extent of the accessed and exfiltrated data, the Practice is treating all PHI as potentially compromised.

The potentially compromised PHI may have included name, date of birth, diagnosis and treatment information, Social Security number, and health insurance identification number. To date, the Practice has no indication that any PHI has been misused.

The Practice takes the protection of the information in its care seriously. In addition to engaging cybersecurity experts, and outside HIPAA counsel, the Practice implemented (and is continuing to implement) additional security measures to safeguard the information in its care.

The Practice is in the process of mailing notification letters to all potentially impacted individuals and provided a call center to answer individuals' questions. The Practice also provided notice to applicable regulators. The Practice is offering complimentary credit monitoring to all impacted individuals.

For questions about this incident, individuals should call 1-888-973-9859, which is available Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

SOURCE Hypertension Nephrology Associates

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights