Namaste Health Care in Ashland is notifying about 1,600 patients its office experienced a security incident over the weekend of Aug. 12-13.
During that weekend, it is believed someone gained improper access into the office computer systems and remotely accessed Namaste's file server.
According to a press release from office officials, the cyber attacker launched a ransomware virus/attack on the file share server, which resulted in the encryption of data housed on that server as of Aug. 14. Namaste took steps to protect patient information and its computer systems, but ultimately had to pay a ransom to the cyber attacker in order to restore and regain access to the affected data.
Namaste has been unable to conclusively determine whether the cyber attacker may have viewed information contained on that file server, but is acting out of caution and to be in compliance with state and federal regulations, the office is treating this security incident as a potential breach of personal and medical data. This data could potentially include patient's names, addresses, dates of birth, Social Security numbers, and limited clinical information, such as diagnoses and treatments received.
Namaste Health Care has sent patient notification letters this week to affected individuals. They have partnered with AllClear ID to establish a dedicated call center to answer questions. Namaste is also offering affected individuals the opportunity to have AllClear protect their identity for 12 months at no cost to them. Patients with questions about whether they are affected by this incident may call a toll-free call center at 1-855-422-7187 between 8 a.m.-8 p.m. Monday through Saturday.
Affected individuals should remain vigilant with respect to reviewing account statements and credit reports and promptly report any suspicious activity or suspected identity theft to Namaste Health Care and to local law enforcement authorities, the Missouri Attorney General and/or the Federal Trade Commission officials said.
Namaste officials said they regret any inconvenience this incident may cause and believe ongoing efforts will help minimize the risks of future events that could compromise this type of data.