Complete Chiropractic & Bodywork Therapies, located in Ann Arbor, Michigan, recently notified 4,082 patients that its server, which contained the electronic medical record and billing information of patients, was infected with malware from November, 2015 until it was discovered through a server malfunction in March.
The server contained the names, addresses, birth dates, Social Security numbers and health information of the patients. The clinic notified its patients and provided them with one year of identity theft protection.
This is another example of the insidiousness of malware infections, and how intruders have the ability to enter and stay in a system undetected for months or even years. It shows the importance of a continual analysis of IT systems and vulnerabilities to detect intrusions as quickly as possible to limit the risk of data loss.