{"id":7,"date":"2017-06-07T00:40:01","date_gmt":"2017-06-07T00:40:01","guid":{"rendered":"http:\/\/www.amp.legal\/blog\/?p=7"},"modified":"2017-08-11T13:47:38","modified_gmt":"2017-08-11T17:47:38","slug":"ransomware-infects-texas-medical-provider","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/","title":{"rendered":"Ransomware Infects Texas Medical Provider"},"content":{"rendered":"

Data Breach Today<\/a>\u00a0reported that Urology Austin (UA) in Texas became a victim of a ransomware attack on January 22, 2017. The attack encrypted the stored data on UA\u2019s servers. The breach affected the medical information of close to 280,000 patients, including names, addresses, birthdates, and social security numbers. The incident affected legacy applications and data, so former patients may also receive notifications. UA offered the affected patients free credit and identity monitoring for a year.<\/p>\n

\"\"The breach happened on a Sunday. UA\u2019s external and internal IT teams discovered the breach within minutes and shut the network down. The IT teams mitigated the damage by wiping the servers clean and restoring the data. UA had a backup plan to restore data quickly, and the restoration process took about a day.<\/p>\n

To restore operations, UA’s IT team needed to wipe the server. Unfortunately, the IT team did not determine the type of ransomware used in the attack. However, UA\u2019s attorney confirmed that it did not pay a ransom.<\/p>\n

UA did not specify how its systems became infected. However, UA submitted a breach notice to the California attorney general. The notice indicated that an employee was a victim of a phishing attack. UA also reported that employees would be retrained regarding suspicious emails.<\/p>\n

Is Ransomware A Breach?<\/h3>\n

HIPAA Journal<\/a>\u00a0explained that ransomware usually \u201cblindly encrypts data.\u201d The intention is to cause a major disruption to the business and force it to pay a ransom to unlock the encryption. In these types of attacks, the attackers usually do not access or steal data, which means\u00a0the risk is low that protected health information (PHI) was accessed or stolen in the UA breach. However, according to the\u00a0federal Ransomware Fact Sheet<\/a>, the majority of\u00a0ransomware attacks cause a breach of PHI, which\u00a0must be reported unless a low probability of risk can be properly demonstrated.<\/p>\n

Although UA’s\u00a0data was not accessed or stolen, the breach may have violated various federal and state breach laws<\/a>. On the federal level, UA is a covered entity under HIPAA, so it is required to report compromised PHI. On the state level, Texas has a data breach law that UA must follow. Texas defines a\u00a0“breach of system security” as\u00a0“unauthorized acquisition of computerized data” and includes\u00a0“data that is encrypted if the person accessing the data has the key required to decrypt the data.” Additionally, many other states have data breach laws that cover patients outside of the state.<\/p>\n

UA management did not contact law enforcement because they determined that no data was stolen, but they\u00a0reported the breach to various agencies. UA is featured on the\u00a0Wall of Shame<\/a>\u00a0on the HHS website.<\/p>\n","protected":false},"excerpt":{"rendered":"

Data Breach Today\u00a0reported that Urology Austin (UA) in Texas became a victim of a ransomware attack on January 22, 2017. The attack encrypted the stored data on UA\u2019s servers. The breach affected the medical information […]<\/p>\n","protected":false},"author":1,"featured_media":166,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[25,26],"yoast_head":"\nRansomware Infects Texas Medical Provider - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Infects Texas Medical Provider - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-07T00:40:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-08-11T17:47:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/06\/Moneybox.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Ransomware Infects Texas Medical Provider\",\"datePublished\":\"2017-06-07T00:40:01+00:00\",\"dateModified\":\"2017-08-11T17:47:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\"},\"wordCount\":451,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"data breach\",\"ransomware\"],\"articleSection\":[\"Ransomware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\",\"name\":\"Ransomware Infects Texas Medical Provider - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2017-06-07T00:40:01+00:00\",\"dateModified\":\"2017-08-11T17:47:38+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware Infects Texas Medical Provider\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Infects Texas Medical Provider - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Infects Texas Medical Provider - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/","og_site_name":"Cyber Law Blog","article_published_time":"2017-06-07T00:40:01+00:00","article_modified_time":"2017-08-11T17:47:38+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/06\/Moneybox.png","type":"image\/png"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Ransomware Infects Texas Medical Provider","datePublished":"2017-06-07T00:40:01+00:00","dateModified":"2017-08-11T17:47:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/"},"wordCount":451,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["data breach","ransomware"],"articleSection":["Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/","url":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/","name":"Ransomware Infects Texas Medical Provider - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2017-06-07T00:40:01+00:00","dateModified":"2017-08-11T17:47:38+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/ransomware-infects-texas-medical-provider\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware Infects Texas Medical Provider"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/7"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":18,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":299,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions\/299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/166"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}