The California-based Center for Orthopaedic Specialists (COS) is notifying 85,000 of its current and former patients that a ransomware attack on its IT vendor may have breached their data.

Hackers launched a ransomware attack on COS computer systems, which impacted three of its locations in West Hills, Simi Valley and Westlake Village on Feb. 24. Hackers had locked down its system and encrypted patient data. 

Once discovered, the Center for Orthopaedic Specialists IT vendor took the system offline in an attempt to limit the damage and implemented preventative measures to prevent a future attack. 

[Also: The biggest healthcare data breaches of 2018 (so far)]

Impacted information includes demographic data, medical records, insurance information and Social Security numbers. Patients are being offered free identity protection services for two years along with protection from a $1 million insurance policy.

The investigation could not rule out whether data was exfiltrated, but officials said it doesn’t appear the hacker was able to do so.

This new ransomware attack is just the latest in a continuing trend of the ever-evolving malware. It pummeled the healthcare sector in the early part of the year, with attacks on Hancock Health that drove the Indiana provider to pen and paper, and the high-profile SamSam attack on EHR vendor Allscripts as well.  

While the Center for Orthopaedic Specialists did not name the IT vendor or reveal the ransomware strain involved, earlier this month the Department of Health and Human Services warned that the SamSam variant is targeting healthcare and “the ransomware risk to the sector is expected to continue for the foreseeable future.”

HHS recommends the use of data backups, along with contingency and business continuity plans to “ensure resilient operations in the event of a ransomware event.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com