Notice To Patients
On Monday, January 24, 2022, Jax Spine & Pain Centers was the victim of a ransomware attack on an inactive server that maintained patient files created before May 2018.The criminals threatened to publish the stolen files online unless a ransom was paid.
Our current main network server is cloud-based and was not impacted during this ransomware attack. Patient files created after May 2018 are maintained in the cloud and remain safe and secure. It is also important to note that no clinical data was accessed by the attackers; they only obtained demographic data.
Cyber-attacks are a very unfortunate consequence of our increasingly digital world. Reports show the number of cyber-attacks have been increasing steadily over the past five years, with a 50% increase in cyber attacks per week in 2021 compared to 2020.
While technology allows for increased patient security, the healthcare sector continues to be one of the most targeted industries. Jax Spine takes the privacy and security of its patient’s sensitive information very seriously. As such, we have implemented additional security procedures to prevent recurrence of similar incidents.
Below are answers to common questions regarding the incident that took place on January 24, 2022.
We will continue to provide the same high quality medical care to our patients. If patients have any questions or would like to learn additional information about this matter, they may contact us at 1-877-341-2430.
What data was breached?
Based on alerts from internal security monitoring and proactive defensive steps to block the attack, our security team was able to prevent the criminals from encrypting the server that was attacked. Although the server was immediately shut down, the ransomware successfully accessed a compressed file containing data from an inactive server that maintained patient files created prior to May 2018. The attackers only obtained demographic data such as names, addresses, dates of birth, and social security numbers for a limited number of individuals but no clinical data was accessed.
No patient files created after May 2018 were affected. They remain safe and secure.
An internal investigation was immediately commenced, and the FBI notified of the ransomware attack. We are conducting a thorough investigation in collaboration with law enforcement agencies to determine the source and ultimate extent of the ransomware attack. We have also engaged a third-party forensic investigator to assist with the investigation.
How do I know if my information was compromised?
We are conducting an extensive analysis of the contents of the illegally obtained data to identify the affected or potentially affected individuals and the types of information involved. Once we determine the breached information, we will immediately notify affected individuals.
Please understand that this process is ongoing and we are doing everything possible to identify the extent of the breach and notify affected patients as soon as possible.
What should patients do?
There may be a risk of identity theft and that a third party may view patient information as a result of the ransomware attack. If you visited our Jacksonville or St. Augustine location at any time prior to May 2018, we recommend you consider taking the following precautions:
- Monitor your financial accounts and if any unauthorized activity is identified, promptly contact your financial institution.
- Place a fraud alert or credit freeze on credit reports by contacting the three major credit reporting bureaus: Experian, Equifax and Transunion.
- You can obtain a free copy of your credit report from each of the three major credit reporting agencies by visiting www.annualcreditreport.com or calling 1-877-322-8228.