PracticeMax Ransomware Attack Impacts 258K at FL Urgent Care Center

August 01, 2022 - Fast Track Urgent Care Center, which has a network of urgent care centers in Tampa Bay, Florida, began notifying 258,411 individuals of a 2021 ransomware attack that originated at its billing vendor, PracticeMax.

As previously reported, PracticeMax discovered suspicious activity on May 1 and later determined that a ransomware attack had occurred between April 17 and May 5. The vendor restored its systems by May 6 but determined that an unauthorized actor had potentially accessed and stolen files containing PHI.

In October, both Humana and Anthem notified some members that their protected health information (PHI) had been exposed following the attack.

PracticeMax notified Fast Track of the incident on May 10, 2021 but could not determine whether any Fast Track patients had been impacted at that time.

“On February 14, 2022, PracticeMax informed Fast Track for the first time that Fast Track’s customer and patient data may have been impacted as a result of the incident. However, PracticeMax’s investigation was still ongoing at that time to determine whether Fast Track customer and patient data had been subject to unauthorized access as a result of the incident,” the notice continued. 

“Finally, on June 6, 2022, PracticeMax confirmed that an unauthorized individual was able to access Fast Track’s customer and patient data.”

The exposed information potentially included names, Social Security numbers, passport numbers, treatment and diagnosis information, driver’s license numbers, birth dates, health insurance information, and financial information.

“Once against Fast Track sincerely regrets any inconvenience that this incident may cause its customers and patients and remains dedicated to protecting their information,” the notice concluded.

American Dental Association Faces Ransomware Attack 

The American Dental Association (ADA) began notifying patients about an April 21 ransomware attack that potentially resulted in data theft, a notice posted on the Montana Department of Justice website showed. In April, the Texas and New York Dental Associations reported technical difficulties, leading ADA to shut down its systems.

On April 27, ADA determined that an unauthorized actor had accessed and potentially acquired some data. The specific data elements involved in the breach were not present on the online notice, but the data related to names and other personal information. The ADA did not complete its investigation until June 10.  

“We take this incident and the security of personal information in our care seriously. Upon learning of this incident, we moved quickly to investigate and respond, to assess the security of relevant systems, and to reset relevant account passwords,” the notice continued.  

“As part of our ongoing commitment to the security of information, we are also reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event. ADA notified law enforcement of this incident and will notify relevant state and federal regulators, as appropriate.”