Cyber Incident Victim: Arkansas Oral & Facial Surgery Center
Date: Jul 2017
Location: United States of America
Summary
Arkansas Oral & Facial Surgery Center experienced a ransomware attack compromising its computer network, potentially exposing protected health information of approximately 128,000 patients. The incident involved unauthorized access to imaging files and documents, prompting the center to implement safeguards and notify affected individuals while advising vigilance over financial and medical records.
Description
On July 26, 2017, Arkansas Oral & Facial Surgery Center discovered a ransomware attack affecting its computer network. The attack encrypted files and disrupted operations, prompting an immediate investigation to determine whether protected health information (PHI) had been accessed or exfiltrated. While the center could not confirm data theft occurred, forensic analysis revealed the ransomware potentially compromised patient data stored in imaging files and documents. These records contained sensitive information including patient names, addresses, medical histories, treatment details, and Social Security numbers. The investigation confirmed the ransomware’s presence but could not definitively establish whether attackers viewed or copied data before encryption.

The center began notifying approximately 128,000 affected patients on September 24, 2017, nearly two months after discovery. Notifications advised patients to monitor financial accounts and medical records for suspicious activity, though no specific evidence of identity theft or fraud was linked to the incident at the time of disclosure. Arkansas Oral & Facial Surgery Center implemented network security enhancements to prevent recurrence, including strengthened access controls and data encryption measures. Patients were directed to contact credit bureaus and review guidance provided in the notification letters for additional protective steps. The organization did not disclose whether ransom payments were made or identify the specific ransomware variant involved in the attack.
