40K notified after ransomware attack on Fetal Diagnostic Institute

The Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu issued a public notice following a ransomware attack that potentially exposed the healthcare data of 40,800 people.

According to the notice, the institute learned it was the victim of a ransomware attack on June 30, 2018. The attack exposed data on FDIP’s servers including protected health information of past and current patients.

“Accordingly, there is a possibility (a) patient's full name, date of birth, home address, account number, diagnosis or other types of information may have been affected. FDIP does not store financial information such as credit card numbers,” the notice said.

While the FDIP said there’s no evidence patient data was compromised, it couldn’t confirm if the data was viewed or removed from its servers.  

“We do not expect that patients will experience any harm from this unauthorized disclosure, and there is no action patients need to take at this time,” the notice said. “However, should any patient receive any suspicious communications or become aware of other activity they believe may be related to this event, please inform us immediately.”

The institute worked with a cybersecurity firm to remove the malware and restore the encrypted data from backup files. The firm also cleaned up the FDIP's computer systems, confirming no malware remained and implementing additional protections to prevent future attacks. 

“FDIP takes seriously our responsibility to protect the confidentiality of patients' personal information. Our policies prohibit the improper use, access, or disclosure of patients' confidential personal information,” the notice said.