Cyber Incident Victim: Tillamook Chiropractic Clinic

Date:

May 2016

Location:

United States of America

Summary

Tillamook Chiropractic Clinic experienced a malware-induced data breach compromising its primary insurance billing system, resulting in unauthorized access to sensitive patient and employee records. Attackers exfiltrated approximately 4,058 records containing personal, medical, and financial information including names, diagnoses, insurance details, Social Security numbers (for Medicare patients), and banking data. The intrusion occurred despite existing security protections like antivirus software, firewalls, and patched systems. Following discovery during an internal audit, the clinic terminated the unauthorized access, implemented system upgrades, and notified affected individuals and credit agencies.

Description

The Tillamook Chiropractic Clinic discovered a significant computer network breach during an internal security audit on August 3, 2018. Forensic analysis revealed that malware had been installed on the clinic's primary insurance billing system on May 24, 2016, which attackers exploited as a staging platform to collect sensitive patient and employee data over a two-year period. Compromised information included full names, diagnoses, lab results, medications, addresses, phone numbers, driver's license details, dates of birth, Social Security numbers (specifically for Medicare patients), insurance billing information, bank account/routing numbers, and employee payroll records. Approximately 4,058 patient records were confirmed stolen through this intrusion. Notably, the breach occurred despite the clinic maintaining antivirus software, anti-malware defenses, firewalls, fully patched operating systems, and third-party technical support prior to the incident's discovery.

Upon identifying the breach on August 3, 2018, the clinic immediately terminated unauthorized access and initiated comprehensive remediation efforts. Security systems underwent significant modernization and upgrades, while organizational policies were revised to prevent future compromises. The clinic issued breach notifications to affected patients and credit reporting agencies, advising individuals to monitor credit reports and bank accounts for fraudulent activity. Patients received specific contact information for Experian, Equifax, and TransUnion to facilitate credit freezes, along with instructions to report incidents to law enforcement via the FBI's Internet Crime Complaint Center or the Federal Trade Commission's identity theft portal. The clinic publicly apologized for the incident and established a dedicated contact line for patient inquiries through employee Verna Fritchle at (503) 801-3234, while recommending Harmonium, LLC as a security audit resource for other businesses.
