A cyberattack on Texas Retina Associates has affected more than 312,000 patients, Human Technology Inc., has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital.
Texas Retina Associates Cyberattack Affects 312,000 Patients
Texas Retina Associates, the largest ophthalmology practice in Texas, has announced that there has been unauthorized access to its internal systems and the potential theft of sensitive patient data. Suspicious network activity was identified on March 27, 2024, and third-party cybersecurity specialists were engaged to investigate the activity. They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected.
Texas Retina Associates said it is unaware of any misuse of patient data and is issuing notifications “out of an abundance of caution” as files have been exposed that contained patient data. The file review confirmed that the exposed data included first and last name, address, phone number, email address, birth date, gender, Social Security number, medical record number, clinical information, prescription information, medical information, health information, and health insurance information.
The breach has recently been reported to the HHS’ Office for Civil Rights as affecting up to 312,867 current and former patients. Texas Retina Associates has confirmed that its systems have been secured, additional cybersecurity safeguards have been implemented, cybersecurity policies and procedures have been enhanced, and additional cybersecurity training has been provided to its workforce. A helpline has been established for individuals to obtain further information about the breach (888-498-3901) The helpline is manned from 8 a.m. to 8 p.m. Central Time. The substitute breach notice on the Texas Retina Associates website makes no mention of complimentary credit monitoring or identity protection services being offered.
Human Technology Inc.
The Jackson, TN-based prosthetics and orthotics company, Human Technology Inc., and its affiliates Greer Orthotics & Prosthetics, Murphy’s Orthopedic & Footcare, and Hi-Tech Prosthetics & Orthotics have been affected by a data security incident that was detected on March 15, 2024.
An internal investigation was launched to identify the source of anomalous network activity and a digital forensics firm was engaged to assist with the investigation. The investigation was completed on or around May 31, 2024, and confirmed that an unauthorized actor gained access to a computer system used by Human Technology and its affiliates and potentially viewed or obtained patient data. The exposed data included names, addresses, dates of birth, medical information, health insurance information, Social Security numbers, driver’s license numbers, passport numbers, payment card numbers/expiry dates, account numbers, routing numbers, and tax IDs.
Notification letters were mailed to the affected individuals on June 28, 2024, and complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. Human Technology said it is unaware of any misuse of the affected data. To improve security and reduce the risk of similar incidents in the future, Human Technology has implemented additional safeguards, including EDR monitoring. A helpline has been established for individuals seeking further information on the breach ((866)-528-4805). The helpline is manned from 8.00 a.m. to 5.30 p.m. Central Time.
The incident is not yet shown on the HHS’ Office for Civil Rights website so it is currently unclear how many individuals have been affected.
Ransomware Group Claims Responsibility for Attack on Wayne Memorial Hospital
The Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital, an 11-bed non-profit hospital in Honesdale, PA. The hospital has yet to announce any cyberattack or data breach. The hospital has been added to the Monti group’s data leak site, but no data is currently listed for download. The group says it has given the hospital until July 8, 2024, to pay the ransom demand and will leak the stolen data if payment is not made.
The post Texas Retina Associates Cyberattack Affects 312,000 Patients appeared first on The HIPAA Journal.