HIPAA Breach News

Email Breaches Reported by Mattapan Community Health Center and Prestera Center for Mental Health Services

Prestera Center for Mental Health Services, the largest behavioral health services provider in West Virginia, has discovered an unauthorized individual potentially accessed the protected health information of a small percentage of its current and former patients.

An unauthorized individual gained access to Prestera Center’s business email environment which contained protected health information such as patient names, dates of birth, medical record numbers, patient account numbers, diagnostic information, prescription information, treatment information, and healthcare provider information. The email system also contained a limited number of patient addresses, Social Security numbers, and Medicare/Medicaid numbers.

A third-party vendor was engaged to assist with the investigation and determine whether any PHI was viewed or obtained during the data security incident. Prestera Center said the investigation did not uncover any evidence of attempted or actual misuse of patient information, but since PHI may have been viewed or acquired, affected individuals have been offered complimentary identity theft restoration and credit monitoring services.

Prestera Center has taken steps to enhance security including implementing multi-factor authentication on all accounts, strengthening its cybersecurity infrastructure, replacing and strengthening the firewall, revising policies and procedures, and implementing an intensive training program for employees.

Mattapan Community Health Center Email Breach

Mattapan Community Health Center (MCHC) in Massachusetts is notifying certain patients that some of their protected health information has potentially been viewed by an unauthorized individual who gained access to an employee’s email account.

Unusual email activity was detected on October 16, 2020 within an employee’s email account. Assisted by a third-party security firm, MCHC determined that the email account was accessed between July 28, 2020 and October 15, 2020. A review of the account revealed it contained sensitive data that may have been viewed or acquired.

The information in the account varied from individual to individual and may have included patient names, Social Security numbers, medical diagnoses, treatment information, provider information, health insurance information and/or medical record numbers.

MCHC said no evidence was found to indicate any actual or attempted misuse of patient data. MCHC has since implemented additional security measures to prevent further breaches.

The post Email Breaches Reported by Mattapan Community Health Center and Prestera Center for Mental Health Services appeared first on HIPAA Journal.

Breaches Reported by Northwestern Memorial Hospital, Apex Laboratory, and Five Points Eye Care

Northwestern Memorial Hospital in Chicago discovered a former temporary worker may have inappropriately viewed the medical records of certain patients while employed at the hospital.

The unauthorized access was detected on December 2, 2020. A review of access logs revealed the individual viewed patient records without a work-related purpose for doing so between October 27, 2020 and December 2, 2020. The information potentially viewed was limited to patient names, addresses, and treatment information. The worker did not have access to financial information or Social Security numbers.

Northwestern Memorial Hospital issued a statement about the privacy breach confirming the records of 682 patients may have been viewed and confirmed that the temporary worker is no longer employed by the hospital. It is unclear why the records were accessed. All affected patients are being notified about the privacy breach by mail and the incident has been reported to appropriate authorities.

Apex Laboratory Victim of DoppelPaymer Ransomware Attack

Apex Laboratory, a provider of home laboratory services in the New York metropolitan area and South Florida, was the victim of a DoppelPaymer ransomware attack in July 2020. Thousands of files have recently been uploaded to the data leak site of the DoppelPaymer ransomware gang, many of which contained the protected health information of patients and sensitive employee data.

Databreaches.net reports that after contacting Apex Laboratory about the breach, the dumped data was removed from the DoppelPaymer leak site. In a December 31, 2020 breach notice posted on the Apex Laboratory website, the laboratory confirmed that it suffered a ransomware attack on July 25, 2020 and that the encrypted data was restored on July 27, 2020.

The data uploaded to the leak site is presumed to have been obtained in the July cyberattack. Apex Laboratory confirmed that after being notified about the dumped records, steps were immediately taken to ensure the attackers removed the data from the leak site. The dumped data is believed to have included patient names, birth dates, test results, and a limited number of phone numbers and Social Security numbers. The investigation into the breach is ongoing and breach notification letters will be mailed to victims in the next few days.

Athens Optometrist Reports Potential Breach of Patient Data

Five Points Eye Care in Athens, GA has discovered an unauthorized individual gained access to its network and potentially viewed/obtained patient information. The breach occurred on October 27, 2020 and was detected and remediated the same day.

The breach was limited to the email system, which only contained correspondence sent to the optometrist from other treating physicians. Those emails contained names, dates of birth, Social Security numbers, addresses, medications, and treatment plans. A forensic investigation confirmed no other information could be accessed.

The security breach was reported to law enforcement and affected individuals have been notified by mail and offered a year of free credit monitoring services.


Largest Healthcare Data Breaches in 2020

2020 was the worst ever year for healthcare industry data breaches. 616 data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights. 28,756,445 healthcare records were exposed, compromised, or impermissibly disclosed in those breaches, which makes 2020 the third worst year in terms of the number of breached healthcare records.

The chart below clearly shows how healthcare industry data breaches have steadily increased over the past decade and the sharp rise in breaches in the past two years.

The Largest Healthcare Data Breaches in 2020

When a breach occurs at a business associate of a HIPAA-covered entity, it is often the covered entity that reports the breach rather than the business associate. In 2020, a massive data breach was experienced by the cloud service provider Blackbaud Inc. Hackers gained access to its systems and stole customer fundraising databases before deploying ransomware. Blackbaud was issued with a ransom demand and a threat that the stolen data would be released publicly if the ransom was not paid. Blackbaud decided to pay the ransom to prevent the exposure of client data. Blackbaud received assurances that the stolen data had been permanently deleted and had not been further disclosed.

The total victim count from the Blackbaud ransomware attack may never be known, but more than 6 dozen healthcare providers have reported being affected to date and over 8 million healthcare records have potentially been compromised. That breach clearly tops the list of the largest healthcare data breaches in 2020 and ranks as one of the largest healthcare data breaches of all time.

2020’s Largest Healthcare Data Breaches

The individual entities that reported data breaches in 2020 involving more than 300,000 healthcare records are listed below. In some cases, the actual data breach occurred prior to 2020, but was only discovered and reported in 2020.

Trinity Health – 3,320,726 Individuals

At more than 3.3 million records, Trinity Health was the worst affected healthcare victim of the ransomware attack on Blackbaud Inc. The hackers potentially obtained the philanthropy database of the Livonia, Michigan-based Catholic health system, which contained patient and donor information from 2000 to 2020.

MEDNAX Services, Inc. – 1,290,670 Individuals

Sunrise, FL-based MEDNAX Services Inc, a provider of revenue cycle management and other administrative services to its affiliated physician practice groups, suffered a breach of its Office 365 environment in June 2020 after employees responded to phishing emails. The breach was extensive, involving patient and guarantor information such as Social Security numbers, driver’s license numbers, and health insurance and financial information.

Inova Health System – 1,045,270 Individuals

Virginia-based Inova Health System was also a victim of the Blackbaud ransomware attack. The hackers gained access to Blackbaud’s systems on February 7, 2020 and the breach continued until May 20, 2020. Ransomware was deployed on May 14, 2020. Inova’s fundraising database was potentially compromised which contained patient and donor information.

Magellan Health Inc. – 1,013,956 Individuals

Arizona-based Magellan Health was the victim of an April 2020 ransomware attack in which the protected health information of patients was potentially compromised. The attack ended with the deployment of ransomware but started with a spear phishing email. Several of its affiliated entities were also affected by the breach.

Dental Care Alliance – 1,004,304 Individuals

Sarasota, FL-based Dental Care Alliance, LLC, a dental support organization with more than 320 affiliated dental practices across 20 states, reported a breach of its systems in December. Few details have been released about the nature of the hacking incident as the investigation is still ongoing. The breach affected many of its affiliated dental practices.

Luxottica of America Inc. – 829,454 Individuals

Luxottica of America Inc., an operator of vision care facilities across the United States and owner of the eyewear brands Ray-Ban, Oakley, and Persol, experienced a cyberattack in August 2020 which saw hackers gain access to its web-based appointment scheduling system which contained the PHI of patients of its eye care partners.

Northern Light Health – 657,392 Individuals

The Maine health system Northern Light Health was also a victim of the ransomware attack on Blackbaud Inc. The hackers potentially gained access to its fundraising database which contained patient and donor information.

Health Share of Oregon – 654,362 Individuals

In May 2020, the Medicaid coordinated care organization Health Share of Oregon reported the theft of a laptop computer from its non-emergent medical transportation vendor. The laptop was stolen in November 2019 and was not encrypted, which potentially gave the thief access to patients’ contact information, Health Share ID numbers, and Social Security numbers.

Florida Orthopaedic Institute – 640,000 Individuals

Florida Orthopaedic Institute suffered a ransomware attack in April which saw patient information on its servers encrypted. Prior to the use of ransomware, patient data may have been viewed or obtained by the hackers.

Elkhart Emergency Physicians – 550,000 Individuals

Elkhart Emergency Physicians reported a breach in May 2020 involving the improper disposal of patient records by a third-party storage vendor – Central Files Inc. Elkhart Emergency Physicians was the worst affected entity, but several other clients of the vendor were also impacted by the breach. The records had been dumped without being shredded after the storage facility permanently closed.

Aetna ACE – 484,157 Individuals

Aetna reported a data breach in December which occurred at business associate EyeMed, which provides vision benefit services for its members. The breach occurred when an EyeMed employee responded to a phishing email, which allowed the attacker to gain access to email accounts containing PHI. Several EyeMed clients were affected by the breach.

Saint Luke’s Foundation – 360,212 Individuals

Kansas City, MO-based Saint Luke’s Foundation was also a victim of the ransomware attack on Blackbaud Inc. The hackers potentially gained access to its fundraising database which contained patient and donor information.

NorthShore University Health System – 348,746 Individuals

Evanston, IL-based NorthShore University Health System was also affected by the ransomware attack on Blackbaud Inc. The hackers potentially gained access to its fundraising database.

SCL Health Colorado – 343,493 Individuals

SCL Health Colorado was also a victim of the Blackbaud ransomware attack. The PHI of patients in its Colorado, Montana and Kansas locations was potentially accessed by the attackers.

AdventHealth – 315,811 Individuals

The Altamonte Springs, FL-based healthcare system AdventHealth was also a victim of the Blackbaud ransomware attack which saw the hackers gain access to its fundraising database.

Nuvance Health – 314,829 Individuals

Nuvance Health was a victim of the ransomware attack on Blackbaud Inc. The hackers potentially gained access to its fundraising database between February and May.

Magellan Rx Management – 314,704 Individuals

Magellan Rx Management was one of the victims of the ransomware attack on its parent company, Magellan Health, in April. The hackers potentially stole patient data prior to encrypting files.

The Baton Rouge Clinic – 308,169 Individuals

The Baton Rouge Clinic in Louisiana experienced a cyberattack in early July involving ransomware. The attackers potentially viewed or obtained patient data prior to the deployment of ransomware.


More Than 114,000 Patients Affected by Wilmington Surgical Associates Ransomware Attack

In October 2020, the NetWalker ransomware gang claimed responsibility for a ransomware attack on the North Carolina-based surgical center, Wilmington Surgical Associates. The gang claimed to have stolen around 13GB of data prior to deploying NetWalker ransomware and encrypting files. The stolen batch of data included thousands of documents containing sensitive information.

HIPAA Journal has not yet been able to obtain a copy of the breach notification; however, the ransomware attack has now appeared on the HHS’ Office for Civil Rights breach portal and shows the PHI of 114,834 patients was compromised in the attack.

The NetWalker ransomware gang targets healthcare providers and the gang has stepped up its attacks in 2020. The gang was behind the ransomware attack on the University of California San Francisco and stole sensitive and valuable research data. The University felt it had no alternative other than to pay the $1.14 million ransom to recover the encrypted data.

Other healthcare providers attacked with NetWalker ransomware this year include the Crozer-Keystone Health System in Philadelphia, the Champaign-Urbana Public Health District in Illinois, and Brno University Hospital in the Czech Republic. The group also targets universities and was behind the 2020 ransomware attacks on Michigan State University and Columbia College of Chicago.

According to a report released by the cybersecurity firm McAfee in August 2020, the NetWalker gang had been paid at least $29 million in ransom payments since March 2020, making it one of the most successful ransomware-as-a-service operations.

The group is known to attack large companies and high value targets, and this year started recruiting affiliates specialized in conducting targeted attacks on large enterprises, especially attacks on firewalls, Virtual Private Networks, web application interfaces, and Remote Desktop Protocol connections. As is the case with other manual ransomware threat groups, data is stolen prior to encryption and is released publicly on dark net sites if the ransom is not paid.

The increase in activity of the gang prompted the FBI to issue a flash alert in July 2020 warning healthcare organizations, educational institutions, private sector companies, and government agencies about the increased risk of attack.


Two Florida Healthcare Providers Attacked with Ransomware

The Tampa, FL-based Agency for Community Treatment Services, Inc. (ACTS) is alerting certain patients that some of their protected health information has potentially been compromised in an October 21, 2020 cyberattack.

The security breach was detected on October 23 when ransomware was deployed. The hackers gained access to parts of the ACTS server and data infrastructure and encrypted files to prevent access. Systems were taken offline to prevent further unauthorized access and third-party computer forensic experts were engaged to assist with the investigation and determine the scope of the breach.

While unauthorized data access was possible, the investigation did not uncover any specific evidence to indicate patient data had been accessed or exfiltrated. ACTS explained that this was due to the extensive efforts made by the attackers to conceal their malicious activity. The attackers may therefore have accessed or stolen information stored on the breached systems.

The review of the compromised systems revealed they contained patient names, dates of birth, Social Security numbers, and medical records containing information such as diagnoses, treatment information, and health insurance information related to the services provided to patients between 2000 and 2013.

ACTS was able to restore the encrypted data from backups and did not pay the ransom. Steps have been taken post-breach to strengthen security and prevent further attacks. Since patient data may have been compromised, ACTS is providing complimentary credit monitoring and identity theft protection services to all affected individuals.

Leon Medical Centers Attacked with Conti Ransomware

Leon Medical Centers, a network of 8 medical centers in Miami and Hialeah in Florida, experienced a Conti ransomware attack in which the protected health information of patients was allegedly stolen. The attackers issued a ransom demand and threatened to publish the records of patients stolen prior to the deployment of ransomware.

The attackers claimed the data stolen included patient names, addresses, Social Security numbers, diagnoses, treatment information, health insurance information, and patient photographs. They claim to have obtained the PHI of more than 1 million patients, although that claim has been refuted by Leon Medical Centers, which maintains the amount of data stolen has been grossly overstated.

The attack occurred prior to December 22, 2020 and Leon Medical Centers is still investigating the breach. At this stage it is unclear exactly what information was stolen and how many patients have been impacted.

Proliance Surgeons Announce Corporate Website Breach

Proliance Surgeons, a Seattle, WA-based surgical practice, has suffered a breach of its corporate website in which payment card information may have been stolen. In a December 23, 2020 breach notice, the practice explained that its investigation revealed the attackers had access to the website between November 13, 2019 and June 24, 2020. During that time, the attackers potentially accessed and obtained cardholder names, card numbers, expiry dates, and zip codes. No other protected health information was involved. The breach was limited to individuals who paid for services online, not individuals who paid over the phone or in person.

The cause of the breach has been identified and addressed and a new website with a different payment platform has been implemented, which has superior security protections. Proliance has coordinated with the major payment card providers to prevent unauthorized charges on the affected cards. Individuals affected by the breach have been advised to check their statements carefully and to report any unauthorized charges to their card provider.


484,000 Aetna Members Impacted by EyeMed Phishing Incident

Aetna has announced more than 484,000 of its members have been impacted by a data breach at a business associate that provides services for members of its vision benefits plans. In July 2020, an unauthorized individual gained access to an email account of an employee of Cincinnati-based EyeMed and used the email account to send further phishing emails to individuals in the address book of the mailbox.

EyeMed investigated the breach and determined the mailbox contained the protected health information of 484,157 Aetna members, 60,545 members of Tufts Health Plan, and around 1,300 members of Blue Cross Blue Shield of Tennessee. No evidence of data theft or misuse of PHI was identified, although it was not possible to rule out data theft with a high degree of certainty. Affected health plans were notified about the breach in September.

The compromised email account contained information such as members’ names, dates of birth, vision insurance ID numbers, health insurance ID numbers and, for a limited number of individuals, Social Security numbers, birth certificates, diagnoses, and financial information. The breach only impacted current and former members of the above health plans who received vision benefits through EyeMed.

A spokesperson for EyeMed said, “To help prevent something like this from happening again, we have taken prompt action to enhance the protections that were already in place before the incident, including additional network security measures and security awareness training.”

Midwest Geriatric Management BEC Attack Impacts 4,800 Individuals

Midwest Geriatric Management (MGM) Healthcare has notified 4,814 individuals that some of their protected health information was potentially compromised in a business email compromise attack. A fraudster impersonated the CFO and sent an email to an MGM employee requesting a spreadsheet be sent via email. Believing the request to be genuine, the employee responded and sent the spreadsheet as requested.

Email security features were in place that should block attacks such as this, but in this case those security features were circumvented. The spreadsheet contained names, account balances, and the name of the relevant facility. No other information was compromised.

MGM’s investigation revealed this was an isolated incident and no other systems were compromised. Further training has been provided to employees on email security and, out of an abundance of caution, all affected individuals have been offered a complimentary membership to myTrueIdentity identity theft protection services.

TennCare Mailing Vendor Breach Impacts 3,300 Members

Tennessee’s state Medicaid health plan, TennCare, has announced that an error at a mailing vendor has exposed a limited amount of the protected health information of approximately 3,300 of its members.

Gainwell, which runs TennCare’s Medicaid Management Information System, discovered mailings sent to TennCare members by its mailing vendor Axis Direct in late 2019 and 2020 were misaddressed and sent to incorrect addresses.

TennCare was notified about the breach on October 23, 2020. Gainwell has provided assurances that the cause of the error has been identified and steps have been taken to ensure similar incidents do not occur in the future. Affected individuals have been offered complimentary membership to credit monitoring services.

PHI of Premier Kids Care, Inc. of Georgia Patients Compromised

Premier Kids Care, Inc. (PKC) of Georgia has discovered an unauthorized individual gained access to its systems and obtained a limited amount of patient data. The breach was initially discovered on April 6, 2020. It is unclear why it took 8 months for breach notifications to be issued.

The types of information stored on the compromised computer included names, addresses, telephone numbers, dates of birth, treatment information, and health insurance information. Affected individuals have been offered a complimentary 12-month membership to identity theft protection and credit monitoring services.


Former GenRx Pharmacy Patients’ PHI Potentially Compromised in Ransomware Attack

Scottsdale, AZ-based GenRx Pharmacy is alerting certain patients that some of their protected health information has potentially been compromised in a ransomware attack. The attack was detected on September 28, 2020 and the IT team acted quickly and terminated the attacker’s access to its systems the same day. The investigation confirmed ransomware was deployed on September 27 and that prior to the use of ransomware a small number of files containing protected health information were exfiltrated by the attackers.

A review of the stolen files revealed they contained protected health information such as names, addresses, dates of birth, gender, allergy information, patient IDs, prescription transaction IDs, medication lists, health plan information, and prescription information. Social Security numbers are not collected by the pharmacies and financial information is not retained, so that information could not have been compromised. GenRx Pharmacy had valid backups that were used to restore the encrypted data and no ransom was paid.

While the number of individuals affected is currently unclear, GenRx Pharmacy said fewer than 5% of former patients have been affected. Since the attack, GenRx has upgraded its firewall, improved its anti-virus software, implemented a web filter, enhanced network monitoring, added multi-factor authentication, and installed a real-time intrusion detection system. Employees have also received additional training and internal policies and procedures have been updated. Further controls and measures are also being considered to enhance security.

Nebraska Methodist Health System and Texas Tech University Health Sciences Center Impacted by Blackbaud Ransomware Attack

Two further victims of the ransomware attack on the cloud service provider Blackbaud have announced they have been affected by the incident.

Nebraska Methodist Health System has confirmed that 39,912 individuals have had some of their personal and protected health information compromised in the attack and Texas Tech University Health Sciences Center has reported the breach as affecting 37,000 individuals.

Blackbaud provided both entities with customer relationship management and financial services tools which were used for fundraising purposes. Between February 7, 2020 and May 20, 2020, hackers had access to Blackbaud’s systems and may have acquired backup copies of customer databases before deploying ransomware. Blackbaud paid the ransom and received assurances that the stolen data had been deleted.

Nebraska Methodist Health System said the following information was compromised: Names, demographic and contact information, medical record numbers, reasons for visits, treating physicians, treating facilities, and encounter types (i.e. inpatient, outpatient surgery, observation, or emergency outpatient).

The Texas Tech University Health Sciences Center database contained names, mailing addresses, telephone numbers, email addresses, dates of birth, TTUHSC medical record numbers, physician names and specialty.


OCR Announces its 19th HIPAA Penalty of 2020

The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled a HIPAA Right of Access compliance case with Peter Wrobel, M.D., P.C., doing business as Elite Primary Care.

Elite Primary Care is a provider of primary health services in Georgia. OCR launched a compliance investigation following receipt of a complaint from an Elite Primary Care patient on April 22, 2019 who alleged he had been denied access to his health records. OCR contacted the practice and provided technical assistance on the HIPAA Right of Access on May 2, 2019. OCR advised the practice to review the facts of the request and provide access to the requested records if the request met the requirements of the HIPAA Privacy Rule.

The patient subsequently submitted a request for access in writing which was received by the practice on June 5, 2019. The patient filed a second complaint with OCR on October 9, 2019, as the practice continued to deny him access to his requested records.

Elite Primary Care sent the patient’s medical records to his new healthcare provider on November 21, 2019 and provided the patient with a copy of those records on May 8, 2020.

OCR concluded the delay in providing the patient with a copy of his requested records was in violation of the HIPAA Right of Access (45 C.F.R. § 164.524).

Under the terms of the settlement, Elite Primary Care will pay a financial penalty of $36,000 and adopt a corrective action plan that includes developing, implementing, maintaining, and revising, as necessary, written policies and procedures related to the HIPAA Right of Access provision of the HIPAA Privacy Rule. Once those policies and procedures have been checked by OCR, training will be provided to relevant members of its workforce.

The settlement was agreed with no admission of liability. OCR will monitor Elite Primary Care for 2 years to ensure continued compliance.

This is the thirteenth settlement to be announced by OCR under its HIPAA Right of Access enforcement initiative and the nineteenth HIPAA financial penalty to be announced in 2020.

“OCR created the Right of Access Initiative to address the many instances where patients have not been given timely access to their medical records. Health care providers, large and small, must ensure that individuals get timely access to their health records, and for a reasonable cost-based fee,” said OCR Director Roger Severino.


November 2020 Healthcare Data Breach Report

For the second successive month, the number of reported healthcare data breaches has fallen; however, it should be noted that the number of breaches reported in October 2020 was almost three times the average monthly number due, in a large part, to the ransomware attack on the cloud service provider Blackbaud.

November saw 47 data breaches of 500 or more healthcare records reported to the HHS’ Office for Civil Rights by HIPAA-covered entities and business associates, 25.39% fewer than October. Even with that reduction, breaches are still well above the 12-month average of 41 data breaches a month (Median = 38 breaches).


The number of healthcare records exposed in healthcare data breaches similarly fell for the second successive month. In November, 1,139,151 healthcare records were exposed or impermissibly disclosed, a 54.73% fall from October. The average number of monthly breached healthcare records over the past 12 months is 1,885,959 records and the median is 1,101,902 records.

Exposed healthcare records past 12 months

Largest Healthcare Data Breaches Reported in November 2020

Name of Covered Entity | State | Covered Entity Type | Individuals Affected | Type of Breach | Cause
AspenPointe, Inc. | CO | Healthcare Provider | 295,617 | Hacking/IT Incident | Ransomware attack
Lawrence General Hospital | MA | Healthcare Provider | 176,587 | Hacking/IT Incident | Unspecified data security incident
Alamance Skin Center | NC | Healthcare Provider | 100,000 | Loss | Ransomware attack
Mercy Iowa City | IA | Healthcare Provider | 92,795 | Hacking/IT Incident | Phishing
Bayhealth Medical Center, Inc. | DE | Healthcare Provider | 78,006 | Hacking/IT Incident | Blackbaud ransomware attack
Tufts Health Plan | MA | Health Plan | 60,545 | Hacking/IT Incident | Phishing attack on vendor
Bruce L. Boros, M.D., P.A. DBA Advanced Urgent Care | FL | Healthcare Provider | 58,823 | Unauthorized Access/Disclosure | Ransomware attack
Methodist Hospital of Southern California | CA | Healthcare Provider | 39,881 | Hacking/IT Incident | Blackbaud ransomware attack
One Touch Point | WI | Business Associate | 28,658 | Unauthorized Access/Disclosure | Unknown
People Incorporated | MN | Healthcare Provider | 27,500 | Hacking/IT Incident | Phishing
Chesapeake Regional Healthcare | VA | Healthcare Provider | 24,000 | Hacking/IT Incident | Blackbaud ransomware attack
Seeley Enterprises Company | OH | Healthcare Provider | 16,196 | Hacking/IT Incident | Ransomware attack
Golden Gate Regional Center | CA | Business Associate | 11,315 | Hacking/IT Incident | Ransomware attack
Galstan & Ward Family and Cosmetic Dentistry | VA | Healthcare Provider | 10,759 | Hacking/IT Incident | Ransomware attack
Kaiser Foundation Health Plan of Georgia, Inc. | GA | Health Plan | 10,205 | Unauthorized Access/Disclosure | Unknown

Causes of November 2020 Healthcare Data Breaches

Hacking/IT incidents continue to dominate the breach reports, both in terms of the number of breaches and the number of breached records. There were 23 hacking/IT incidents reported in November – 48.94% of all breaches reported in the month. 867,983 records were exposed or stolen in those breaches – 76.2% of all records breached in November. The average breach size was 37,738 records and the median breach size was 8,000 records.

There were 19 data breaches classed as unauthorized access/disclosure incidents – 40.43% of the month’s data breaches. 166,115 healthcare records were improperly accessed or impermissibly disclosed in those incidents – 14.58% of the breached records in November. The average breach size was 8,743 records and the median breach size was 3,557 records.

There were 4 loss/theft incidents (2 loss, 2 theft) reported in November – 8.51% of the month’s breaches. 103,053 healthcare records were exposed or stolen in those incidents – 9.05% of records breached in November. The average breach size was 25,763 records and the median breach size was 1,265 records. There was one incident involving the improper disposal of paperwork that contained the PHI of an estimated 2,000 individuals.
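The breakdown above (count, share of breaches, share of records, mean and median breach size per HHS breach category) is easy to reproduce from the breach table. The following script is an added example, not code from HIPAA Journal or from OCR; its input is the fifteen table rows listed on this page, copied as constructed tab-separated text, so its totals cover those rows only and will not match the month-wide figures quoted in the paragraphs above. It also flags a caveat a practitioner will hit when working from the HHS breach portal: the reporting entity chooses the "Type of Breach" category, so ransomware incidents sometimes appear under Loss or Unauthorized Access/Disclosure rather than Hacking/IT Incident, and grouping on the stated cause gives a different picture than grouping on the category alone.

```python
"""Per-category breakdown of the reported breaches in the table above.

Added example, not part of the HIPAA Journal article. Input rows are the
fifteen largest November 2020 breaches as listed on this page.
"""
from collections import defaultdict
from statistics import mean, median

# Constructed input: the table rows from this page, tab-separated
# (entity, state, entity type, individuals affected, HHS breach type, cause).
TABLE = """\
AspenPointe, Inc.\tCO\tHealthcare Provider\t295,617\tHacking/IT Incident\tRansomware attack
Lawrence General Hospital\tMA\tHealthcare Provider\t176,587\tHacking/IT Incident\tUnspecified data security incident
Alamance Skin Center\tNC\tHealthcare Provider\t100,000\tLoss\tRansomware attack
Mercy Iowa City\tIA\tHealthcare Provider\t92,795\tHacking/IT Incident\tPhishing
Bayhealth Medical Center, Inc.\tDE\tHealthcare Provider\t78,006\tHacking/IT Incident\tBlackbaud ransomware attack
Tufts Health Plan\tMA\tHealth Plan\t60,545\tHacking/IT Incident\tPhishing attack on vendor
Bruce L. Boros, M.D., P.A. DBA Advanced Urgent Care\tFL\tHealthcare Provider\t58,823\tUnauthorized Access/Disclosure\tRansomware attack
Methodist Hospital of Southern California\tCA\tHealthcare Provider\t39,881\tHacking/IT Incident\tBlackbaud ransomware attack
One Touch Point\tWI\tBusiness Associate\t28,658\tUnauthorized Access/Disclosure\tUnknown
People Incorporated\tMN\tHealthcare Provider\t27,500\tHacking/IT Incident\tPhishing
Chesapeake Regional Healthcare\tVA\tHealthcare Provider\t24,000\tHacking/IT Incident\tBlackbaud ransomware attack
Seeley Enterprises Company\tOH\tHealthcare Provider\t16,196\tHacking/IT Incident\tRansomware attack
Golden Gate Regional Center\tCA\tBusiness Associate\t11,315\tHacking/IT Incident\tRansomware attack
Galstan & Ward Family and Cosmetic Dentistry\tVA\tHealthcare Provider\t10,759\tHacking/IT Incident\tRansomware attack
Kaiser Foundation Health Plan of Georgia, Inc.\tGA\tHealth Plan\t10,205\tUnauthorized Access/Disclosure\tUnknown
"""


def parse_rows(text):
    """Parse the tab-separated table into dicts; record counts become ints."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entity, state, etype, affected, btype, cause = line.split("\t")
        rows.append({
            "entity": entity,
            "state": state,
            "entity_type": etype,
            "affected": int(affected.replace(",", "")),
            "breach_type": btype,
            "cause": cause,
        })
    return rows


def breakdown(rows, key):
    """Per-group count, share of breaches, record total, share of records,
    mean and median breach size, grouped on the given row field."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[key]].append(r["affected"])
    total_breaches = len(rows)
    total_records = sum(r["affected"] for r in rows)
    result = {}
    for name, sizes in groups.items():
        result[name] = {
            "breaches": len(sizes),
            "breach_share": round(100 * len(sizes) / total_breaches, 2),
            "records": sum(sizes),
            "record_share": round(100 * sum(sizes) / total_records, 2),
            "mean": round(mean(sizes)),
            "median": round(median(sizes)),
        }
    return result


def ransomware_outside_hacking(rows):
    """Entities whose stated cause is ransomware but whose self-reported HHS
    category is something other than Hacking/IT Incident."""
    return [r["entity"] for r in rows
            if "ransomware" in r["cause"].lower()
            and r["breach_type"] != "Hacking/IT Incident"]


if __name__ == "__main__":
    rows = parse_rows(TABLE)
    for name, stats in breakdown(rows, "breach_type").items():
        print(f"{name}: {stats}")
    print("ransomware reported under another category:",
          ransomware_outside_hacking(rows))
```

Run against the full month's portal export rather than these fifteen rows, `breakdown(rows, "breach_type")` gives the category figures quoted above, while `breakdown(rows, "cause")` separates phishing from ransomware regardless of how the reporting entity categorised the incident.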


The chart below shows the location of breached protected health information. Up until September 2020, email was the most common location of breached patient data, with the majority of those breaches the result of phishing attacks. That changed in September due to the ransomware attack on Blackbaud. Entities impacted by that data breach continue to submit breach reports, albeit at a low level, with network server incidents remaining high due to the healthcare industry continuing to be targeted by ransomware gangs. Phishing attacks continue to be a problem in healthcare, with 13 large data breaches reported involving PHI stored in email accounts.

Healthcare Data Breaches by Covered Entity Type

Healthcare providers were the worst affected covered entity in November. 34 healthcare providers reported data breaches and 6 data breaches were reported by health plans.

7 data breaches were reported by business associates of HIPAA covered entities; however, 16 breaches in total had some business associate involvement, with 9 of those breaches reported by the covered entity.

Healthcare Data Breaches by State

The November data breaches were reported by HIPAA-covered entities and business associates in 23 states and the District of Columbia. Ohio was the worst affected state with 5 breaches reported, followed by Georgia and Maine with 4, and California, Florida, and Texas with 3 breaches.

Two healthcare data breaches of 500 or more records were reported by entities based in Arkansas, Delaware, Illinois, Kentucky, Maryland, Michigan, and Virginia. One breach was reported in each of Alabama, Colorado, Iowa, Idaho, Louisiana, Minnesota, North Carolina, New Mexico, Pennsylvania, Wisconsin, and the District of Columbia.

HIPAA Enforcement Activity in November 2020

There were three HIPAA enforcement actions announced by the HHS’ Office for Civil Rights in November, all of which were part of its HIPAA Right of Access enforcement initiative. OCR announced the new enforcement initiative in 2019 to crack down on healthcare providers that fail to provide patients with timely access to their health records for a reasonable cost-based fee.

In all three cases, the healthcare providers did not provide a copy of the requested records within the 30-day time frame required by the HIPAA Privacy Rule.

University of Cincinnati Medical Center settled with OCR and paid a $65,000 penalty, Riverside Psychiatric Medical Group paid a $25,000 penalty, and Dr. Rajendra Bhayani paid a $15,000 penalty. Under this enforcement initiative, OCR has imposed 12 financial penalties on covered entities, 10 of which have been in 2020.

The post November 2020 Healthcare Data Breach Report appeared first on HIPAA Journal.