Dear Valued Patient,
We are informing you of a recent breach of your personal information at Pabalan Eye Center. We became aware of a ransomware
attack on 5/3/2021 ,which occurred on or about 5/1/2021. The breach occurred as follows:
Description: A ransomware attack was launched against our computers. This locked up our data and the attackers
demanded ransom for the key to unlock our data.
Types of Protected Health Information: The data which was ransomed included scanned insurance forms, exam
findings, imaging, diagnostic testing, and scanned past medical records.
Individual Steps: We elected not to pay ransom. Instead, because we had backup data, we immediately erased all affected
computers and servers, installed updated antivirus software, and updated technical protocols to cut off outside access to
our computers. Clean backup data was then restored. We have found no signs of illegal downloading of patient data.
Instead, it appears that the attacker wanted money to allow us to resume care of our patients.
Immediate Mitigation: Actions were taken immediately, and completed by 5/6/2021. These include the above, plus:
Installed new data encryption technology
Changed all passwords/strengthened password requirements
Created a new Security Rule Risk Management Plan
Implemented new secure VPN protected connection to servers
Implemented periodic technical and nontechnical evaluations and updates
Provided staff with additional training on HIPAA requirements
While it does not appear that financial data was taken, there is still risk. Therefore, as a precaution we advise you to take the
Place a fraud alert on your credit report by calling the toll-free number of any of the three major credit bureaus (below).
This can help prevent an identity thief from opening additional accounts in your name. As soon as a credit bureau confirms
your fraud alert, the other two bureaus will automatically be notified to place alerts on your credit report, and all three
reports will be sent to you free of charge.
o Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
o Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013
o TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA
Order your credit reports. By establishing a fraud alert, you will receive a follow-up letter that will explain how you can
receive a free copy of your credit report. When you receive your credit report, examine it closely and look for signs of fraud,
such as credit accounts that are not yours.
Continue to monitor your credit reports.
We take our role of safeguarding your personal information seriously. Pabalan Eye Center apologizes for being attacked, and for the
worry this situation may cause you. We are doing everything we can to rectify this situation.
Dr. Pabalan and Staff of Pabalan Eye Center