Plastic Surgery Associates of South Dakota has announced a data breach that may have left some patient records open to hackers.

The company, founded in 2011, has locations in Sioux Falls, Dakota Dunes, Yankton, Mitchell, Watertown and Spencer, Iowa.

A news release issued Thursday says the company learned of the ransomware attack on Feb. 12 and immediately began removing it, hiring third-party experts to determine what data was potentially accessed.

Plastic Surgery Associates is providing notice to approximately 10,200 individuals regarding the recent ransomware attack on its practice.

Most patient records were not accessed, but investigators were unable to locate all the evidence needed in the clean-up efforts. By April 24, the company decided that it could not conclude that all patient information was protected.

That information could include some combination of patient name, Social Security number, driver’s license or state identification number, credit card information, medical conditions, diagnosis information, lab results, address, date of birth and insurance information.

No evidence of “actual or attempted misuse of patient information” has been found, the release says, but the company chose to issue a notice “out of an abundance of caution.”

The company is reporting the incident to the U.S. Department of Health and Human Services, “working to implement additional safeguards” and offering a year of credit monitoring through Equifax and Credit Watch to those who might be affected.

Patients with questions can visit http://www.plasticsurgeryassociatesofsd.com/notice-of-data-incident/ or call 800-954-9263.