« Information Technology
  

New Jersey Affiliated Dermatologists Suffers Cyberattack

The cybersecurity incident occurred in March.

By HFT Staff


On March 5, 2024, Affiliated Dermatologists (AD) detected it was the target of a cybersecurity attack whereby an unauthorized third party gained access and left a ransom note on AD’s network. Upon discovery of this incident, AD immediately disconnected access to the network, alerted its third-party IT provider and engaged specialized cybersecurity professionals to conduct a forensic investigation into the nature and scope of the incident.  

On April 10, 2024, AD’s investigation determined that between March 2, 2024, and March 5, 2024, the unauthorized actor obtained access to certain systems and copied data from AD’s network, including the personal information of AD patients and employees.  

While the information involved varies for each individual, AD’s investigation has determined that the unauthorized actor may have accessed the following categories of information: 

  • For patients: name, date of birth, mailing address, social security number, medical treatment information, and health insurance claims information. -  
  • For employees: name, date of birth, mailing address, social security number, driver’s license number, and passport number.  

Again, the information involved varies for each individual, and not every category applies in each individual case. AD will mail personalized notification letters to the affected individuals that detail the specific categories of information that apply in each individual’s case.  

At this time, AD is not aware of any misuse of any personal information in connection with this incident. 

Since the discovery of the incident, AD moved quickly to investigate, respond, and confirm the security of our systems. Specifically, AD immediately disconnected access to its network and engaged specialized cybersecurity professionals to assist network restoration efforts and conduct a forensic investigation into the nature and scope of the incident. In addition, AD has taken steps to further enhance its network security, including implementation of 24-7 network security monitoring, multi-factor authentication for all remote access and password resets for all accounts on the network. 



May 21, 2024


Topic Area: Information Technology , Security

Recent Posts

ISSA Introduces Healthcare Platform to Advance Safer, Cleaner Patient Environments

This new resource integrates training, research and cross-sector collaboration to raise care standards and improve patient outcomes.

Third-Party Tracking Settlement is a Compliance Wake-Up Call for Healthcare Facilities Managers

Mount Sinai Health System agrees to a $5.3 million settlement to resolve claims it improperly shared patient data with Facebook through tracking tools.

ECU Health Behavioral Health Hospital Hosts Ribbon-Cutting Ceremony for New Facility

The new facility features 144 beds and a healing environment for behavioral health patients.

Aspire Rural Health System Reports Data Security Incident

Upon detecting the unauthorized activity, Aspire immediately worked to contain the incident and launched a thorough investigation.

Fatal Flaws: Strategies for Active Attackers

Anything that goes wrong with the response is the liability exposure of the organization — not the employee and not the police.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.