Another ransomware attack on a Fort Myers, Florida surgical center potentially exposed more than 33,000 patients’ information.

In April, St. Mark’s Surgical Center in Florida became the victim of a ransomware attack.  The attack occurred between April 13 and April 17 and affected the Center’s server.  The server contained patient information such as names, dates of birth, health and treatment information, and Social Security numbers.

St. Mark’s hired a third party to assist in recovering the affected data and to ensure that the server was no longer affected by the ransomware.

At this time, St. Mark’s reported that it is not aware of any of the information being used or accessed, but because the information was technically not accessible by St. Mark’s, the incident was reported to the Office for Civil Rights (OCR).

The Center is providing 12 months of credit monitoring services at no cost to the affected individuals and is fielding calls from patients who might have questions about whether they are among those affected.

St. Mark’s stated that the organization has taken extra precautions to help prevent similar situations in the future. The organization has installed a more robust firewall, installed a backup and disaster recovery system, and ensured that patches are installed and that its systems are protected by the latest anti-virus software.

The steps St. Mark’s took after the incident are steps that organizations should take before an event occurs.  Sometimes it’s easy for these items to fall by the wayside, especially when a smaller office is busy with day-to-day operations with patients.  However, it’s important to put these back on the radar.

If these are things that you don’t handle yourself but outsource to an IT company, you should consider talking with that company’s employees and making sure that proper threat management, such as anti-virus software, patches, and firewalls, is in place.

