Healthcare Information Security

Latest Health Data Breaches News

EMR Vendor Ransomware Attack Impacts 16,000 Patient Records

A cyberattack on IT Lighthouse, an EMR hosting vendor, breached the data of Redwood Eye Center patients, prompting the eye specialist to switch vendors.

ransomware attack on healthcare provider

By Jessica Davis

- California-based Redwood Eye Center notified the California Attorney General of a potential breach caused by a ransomware attack on its EMR hosting vendor IT Lighthouse. The third-party vendor hosts and stores the specialist’s patient data.

On Sept. 20, officials were notified by IT Lighthouse of a ransomware attack the previous day. Redwood worked with the third-party vendor, a digital forensic consultant and a specialist medical software vendor to investigate the incident.

Officials determined the ransomware attack may have involved the data of 16,055 patients, which included their names, health insurance information, medical treatment details, addresses and dates of birth.

Redwood has since changed its medical records hosting vendor and enhanced its security program.

Reported ransomware attacks have been in decline through 2018. However, there have been several large breaches reported in the past few months caused by the virus. Healthcare remains prone to these types of attacks given the need for access to data to maintain patient care.

Just recently, a ransomware attack on the Center for Vitreo-Retinal Diseases in Illinois potentially breached 20,000 patient records. And two providers reported service interruptions cause by ransomware within the last month.

Thundermist Health Center was hit with the virus last week, forcing officials to cancel appointments that would have impacted patient safety. And the previous week, two Ohio hospitals experienced a similar security event and emergency care patients were diverted to nearby hospitals.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...