Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack
The Attack, which Occurred in 2020, May Have Exposed Personally Identifiable Information (PII) of Practicefirst Patients and Employees.
Last updated on July 7, 2021
New York-based Practicefirst Medical Management Solutions, a medical management company that processes data for health care providers, declared that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and work staff.
Established in 1960 as a medical billing specialist company, PracticefirstMedical Management Solutions has become a leader in billing, credentialing, coding, compliance, chart auditing, bookkeeping, and tax preparation. Headquartered in Amherst, New York, Practicefirstserves over 75 clients across the country.
How Did the Practicefirst Cyberattack Happen?
On December 30, 2020, the vendor discovered that an unauthorized cybercriminal who tried to deploy ransomware to encrypt their systems copied files that included restricted patient and employee sensitive data.
The information, later deleted, contained birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses, and tax identification numbers.
In addition, diagnoses, lab and treatment information, medication information, health insurance identification, employee usernames and passwords, bank account information, and tax identification numbers were exposed.
Upon learning of this, Practicefirst shut down their systems, changed passwords, notified law enforcement, and hired national privacy and security experts.
The vendor stated it is not aware of any fraud or misuse of data as a result of the healthcare ransomware attack, and the attacker notified Practicefirst that the information was never shared and was later destroyed.
We immediately reported the incident to appropriate law enforcement authorities and implemented measures to further improve the security of our systems and practices.
We worked with a leading privacy and security firm to aid in our investigation and response and will report this Incident to relevant government agencies. We also implemented additional security protocols designed to protect our network, email environment, and systems.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.