CHAPEL HILL, N.C., Nov. 7, 2014 /PRNewswire/ -- Central Dermatology Center ("Central") announced today that on September 25, 2014 it became aware that one of its servers had been compromised by malicious software ("malware"). Central immediately consulted with forensic IT experts to identify and remove the malware and determine exactly what information on the server may have been accessed. The malware was removed and the server has been disconnected from Central's system.
The information on the server that may or may not have been accessed included patients' name, address, phone numbers, date of birth, social security number, billing and diagnostic codes, insurance company, insurance co-payment information, healthcare provider, employer information, sex, treatment date, account balance, email address, and race.
Based on Central's forensic investigation to date, it is believed that patient bank account and payment card information were not compromised and electronic medical records were not on this server as they were encrypted by Central prior to the malware being placed on the server.
"Taking aggressive action early and confronting this issue is consistent with the practice's core value of behaving in an ethical and transparent fashion," said Greg Catt, Practice Administrator at Central Dermatology Center & Carolina Medi-Spa. "Central hired a prominent forensics security expert and an information technology firm that investigated this incident and reviewed all systems. Central has improved our security wherever necessary to help protect our community. On behalf of the people of Central Dermatology Center, we sincerely apologize for any inconvenience this may cause."
The investigation revealed that malware compromised a password-protected Central server on or about August 9, 2012 despite safeguards in place, including software on the server designed to prevent such malware. Central contacted, and will continue to work with, local law enforcement, the Federal Bureau of Investigation, North Carolina Attorney General, nationwide consumer reporting agencies, and the U.S. Department of Health and Human Services regarding this matter.
Catt said today the practice is notifying potentially affected patients and patients are being offered free credit monitoring and identity theft protection. Patients are encouraged to take advantage of these services being provided by Equifax. Additionally, Central created a data security incident call center to answer patient questions, including whether their information was included in this incident. That number is 1-800-448-6104. The call center is open Monday-Friday from 11am-7pm Eastern Time.
Patients can remain vigilant by reviewing their account statements and reporting any suspicious activity to their financial institution. For more information please visit Central's website at www.centralderm.net.
Central Dermatology Center & Carolina Medi-Spa's team of board-certified physicians and highly-trained staff is based in Chapel Hill, with dermatology offices in Sanford, Siler City, and Pittsboro. We combine one-on-one, personal attention to your needs with professional expertise and the latest technological advances in medical, surgical, and cosmetic dermatology.
SOURCE Central Dermatology Center