Ransomware Attacks Reported by Jax Spine & Pain Centers, Spine Diagnostic & Pain Treatment, and La Posada at Park Centre

Jax Spine & Pain Centers

Jax Spine and Pain Centers located in Jacksonville, FL has just announced that it experienced a ransomware attack that took place on January 24, 2022. The attack was executed on an inactive server containing files of patients who had gone to either its St Augustine Or Jacksonville areas before May 2018.

Jacksonville Spine Center mentioned the hackers claimed they have stolen information from the server and gave threats to expose the stolen records when the ransom was not paid however didn’t say if there was a payment given to avert the posting of the information.

A tracking software program was installed on the server which made it possible for the attack to be immediately identified, and as a result of the immediate action undertaken as a response to the breach, the data encryption was avoided. When the breach was noticed, the server was de-activated, nevertheless, it wasn’t possible to avert the exfiltration of a compressed file containing patient data.

Jacksonville Spine Center stated its present patient record system is cloud-based and was not impacted and the only patient files acquired in the attack were demographic data – names, addresses, birth dates, and some Social Security numbers.

Spine Diagnostic & Pain Treatment

Spine Diagnostic & Pain Treatment in Louisiana seems to encounter a Conti ransomware attack. As per Databreaches.net, 3,351 files with patient data were loaded to the Conti group’s data leak website, which the Conti group states represent about 30% of the exfiltrated data files. About 4 GB of data was loaded to the leak website and the files comprised a collection of data such as scanned driver’s licenses, insurance billing data, patient records, and other PHI.

Spine Diagnostic & Pain Treatment has not confirmed yet that it has encountered an attack and there is presently no report of the data breach posted on the websites of the Office for Civil Rights and state attorneys general, thus it is not clear how many patients were impacted at this time.

La Posada at Park Centre

Retirement community La Posada at Park Centre in Sahuarita, AZ has just informed 812 persons about the potential compromise of some of their PHI in a cyberattack that happened on December 10, 2021. La Posada stated “a software virus” was installed onto its systems that blocked the access of files and email by employees. With the assistance of third-party forensics specialists, La Posada confirmed on January 24, 2022, that the hackers possibly accessed files with patient data.

The types of information in the impacted files were different from one patient to another and might have included: first and last names, dates of birth, Social Security numbers, driver’s license numbers, direct deposit details, passport numbers, drug and/or TB test data, Member ID numbers, COVID vaccine cards, and data connected with explanation of benefits and self-financed medical plan members.

La Posada mentioned it is going over its security guidelines and procedures and will take action to enhance security.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone