Cyber Incident Victim: Southeastern Minnesota Oral & Maxillofacial Surgery
Date: Sep 2019
Location: United States of America
Summary
A Minnesota healthcare facility specializing in oral and maxillofacial treatments experienced a ransomware attack affecting a server, prompting immediate IT intervention to restore impacted data. The incident potentially exposed health information, including patient names and X-ray images, for approximately 80,000 individuals, though forensic analysis could not confirm unauthorized access or misuse. While financial data, medical records, and Social Security numbers remained unaffected, the organization notified all potentially impacted patients and initiated a review of cybersecurity policies to prevent future incidents.
Description
On September 23, 2019, Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) experienced a ransomware attack targeting one of its servers. The organization’s IT staff responded immediately to contain the incident and successfully restored the impacted data from backups. SEMOMS publicly disclosed the breach via a website announcement on December 5, 2019, confirming the attack compromised patient health information but did not specify whether a ransom was demanded or paid. Forensic investigators hired by SEMOMS could not conclusively determine whether attackers accessed or viewed patient names and X-ray images stored on the affected server. The organization emphasized no evidence suggested actual misuse of data or unauthorized viewing occurred during the intrusion.

The incident potentially exposed information belonging to all 80,000 patients under SEMOMS’ care, prompting mandatory notification letters that detailed the breach and provided a toll-free inquiry number. SEMOMS clarified that financial records, Social Security numbers, and full medical histories remained unaffected. In response, the organization initiated a comprehensive review of its cybersecurity policies and procedures to prevent future incidents. Remediation efforts included revising information security protocols and reinforcing data protection measures, though specific technical controls were not disclosed. SEMOMS maintained its commitment to patient privacy while acknowledging that the forensic investigation left unresolved whether data on the compromised server was accessible to the attackers during the attack.
