Hackers fly under the radar for two years after infecting chiropractic clinic with malware

Chiropractors may not be regarded as full-blown medical doctors, but hackers don’t discriminate when targeting the health sector, as one chiropractor in Tillamook, Oregon will tell you.

A report published by local publication Tillamook County Pioneer reveals that on August 3rd, 2018, during an internal security audit, Tillamook Chiropractic Clinic learned its systems harbored carefully crafted malware for more than two years.

“On May 24, 2016, malware was installed on the primary insurance billing system, which hackers then used as a staging area to collect patient records, including patient full name, any diagnoses, lab results, medications, home address(es), work address(es), phone number(s), driver’s license, date of birth, social security numbers (for Medicare patients only), insurance billing information, bank routing numbers & account numbers, as well as employee payroll data,” according to the notice.

Hackers reportedly bypassed both anti-malware and firewall protection. The clinic was also using the latest version of operating systems with all patches installed at the time it got hacked. Nevertheless, copies of 4,058 patient records are believed to have been stolen, the report notes.

“The unauthorized access was terminated on August 3rd, 2018, immediately after discovery. Additionally, the computer security systems of Tillamook Chiropractic Clinic have been significantly modernized and upgraded, the policies have been updated, and notifications are being issued to individual patients as well as credit reporting agencies,” states the notice.

The clinic advises clients to actively monitor their credit reports and bank accounts for any signs of fraud or identity theft. Patients who believe they have already fallen victim are being directed to credit grantors with the recommendation to freeze their credit.

Leave a Reply