Clinic Reports Malware Attack19,000 Oklahoma Patients Notified
The computer contained patient names, addresses, Social Security numbers, birth dates and a variety of healthcare information, according to the University of Oklahoma's Tulsa neurology practice.
The clinic, which detected the virus July 28, says it's unaware of any misuse of information from the computer. "Although it is not possible at this time to determine what documents on the computer, if any, were accessed by the virus, in an abundance of caution, the clinic is notifying those individuals whose information and documents were stored there," the university said in a statement.
"As a result of this incident, the clinic has taken additional steps to ensure the safety and privacy of data, such as increasing the frequency of software and security updates," according to the statement.
The incident was recently added to the Health and Human Services' Office for Civil Rights' list of major healthcare information breaches. Breaches affecting 500 or more individuals must be reported to OCR within 60 days, according to the HITECH Act's interim final breach notification rule.