Dermatology Center Detects Hacked Server Two Years Too Late

“In another cowardly Friday afternoon data breach disclosure, Chapel Hill, N.C.-based Central Dermatology Center said that one of its servers was breached by hackers back in August of 2012, but that it has just become aware of the breach,” SecurityWeek reports.

Company officials said the machine had been compromised by malware.

They are not sure exactly what data the attackers might have gotten their hands on.

“The information on the server that may or may not have been accessed included patients' name, address, phone numbers, date of birth, social security number, billing and diagnostic codes, insurance company, insurance co-payment information, healthcare provider, employer information, sex, treatment date, account balance, email address, and race,” the company said in a breach disclosure announcement on Nov. 7.

A company spokesperson declined to comment on the type of malware discovered or the security software that was installed on the server.

Responding to a subsequent inquiry as to why the company decided to make the announcement on a Friday afternoon, an unamed company spokesperson provided the following response: "Being thorough is what was required and its what our patients expect and deserve. While the investigation is ongoing, today was the day we were able to provide our patients with valuable information."