The Center for Neurosurgical & Spinal Disorders in Lake Charles said one of its computers was hacked recently, exposing patient information.
A statement from the center said a staff member detected an intruder on July 21 while logging into a computer. An investigation revealed that a hacker had gained remote access and installed programs to record keystrokes and take screenshots.
The center said the hacker took screenshots of 1,134 patients — including 311 from another practice for whom the center bills.
The screenshots were taken between July 7 and July 18. Some only showed patients’ names, but others showed addresses, phone numbers, Social Security numbers, and medical chart and billing information, the center said.
The FBI is looking into the attack to determine whether the hacker was able to download and use the stolen information, the center said.
FBI computer forensic experts are evaluating IP addresses that have accessed the affected computer to determine the location of the hacker, the center said. The FBI found that it was most likely a foreign cyberattack based on the Cyrillic script language used by the hacker, the center said.
The medical center said in its statement that this was an isolated occurrence.
It hired National Networks, a network security firm, to perform a forensics test on its infrastructure and that the test revealed no other illegal access.
“We believe this to be the only successful cyberattack on our computer infrastructure,” the statement reads. “There is no evidence to suggest prior nor subsequent intrusions.”
The center said the affected hard drive was given to the FBI and that notification letters were sent to all patients affected by the security breach.
It also said National Networks provided a new management plan designed to prevent future cyberattacks.