HIPAA Breach News

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

Social Action Community Health System (SAC Health) has recently notified 149,940 patients that documents containing their protected health information were stolen in a break-in at an off-site storage location where patient records were stored.

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020.

An analysis was conducted to determine which types of information were included in the files and concluded the documents may have contained information such as names, addresses, dates of birth, and diagnosis codes. Notification letters were sent to those individuals on May 3, 2022. SAC Health said it is unaware of any actual or attempted misuse of patient data as a result of the break-in; however, as a precaution against identity theft and fraud, affected individuals have been offered complimentary credit monitoring services. SAC Health said it is conducting a review of its policies and procedures concerning the storage of paper data.

Bryan County Ambulance Authority Ransomware Attack Affects 14,000 Patients

The Bryan County Ambulance Authority in Oklahoma has recently started notifying 14,273 patients about the exposure and potential theft of some of their protected health information. According to the notification letters, the attack was detected on November 24, 2021, when files on its systems were encrypted. Immediate action was taken to prevent further unauthorized access, and third-party cybersecurity consultants were engaged to assist with the forensic investigation.

The breach notice does not indicate what types of information were stolen in the attack but says affected individuals have been offered a complimentary membership to an identity theft protection service. According to the notice, the forensic investigation and document review took until April 7, 2022, hence the delay in issuing notifications to affected individuals.

Lifespan Services Suffers Ransomware Attack

Charlotte, NC-based Lifespan Services, a non-profit provider of services to individuals with disabilities, has recently confirmed it was the victim of a ransomware attack that affected data on its servers. The attack occurred on April 12, 2022, and prompt action was taken to secure its systems.

Lifespan said it was possible to restore all encrypted data within 24 hours of the attack, but the forensic investigation confirmed on May 3, 2022, that the individuals behind the attack had accessed files containing patients’ personal information, including names, Social Security numbers, Medicaid numbers, driver’s license numbers, and bank routing numbers.

Lifespan said multiple layers of protection were in place, and additional security measures have now been implemented. A complimentary one-year membership to identity theft protection services has been offered to the 8,006 individuals affected.

Vice Society Claims Responsibility for Ransomware Attack on Atlanta Perinatal Associates

The Vice Society ransomware gang has claimed responsibility for a ransomware attack on Atlanta Perinatal Associates in Georgia. Atlanta Perinatal Associates specializes in treating mothers who have high-risk pregnancies, and coordinates care with other medical providers.

The healthcare provider has not yet confirmed it was a victim of a ransomware attack; however, Vice Society has uploaded data to its leak site that was allegedly stolen in the attack. The data includes names, dates of birth, ID numbers, expected due dates, referring physician names, sonographer names, ultrasound results, drug and alcohol use histories, other health information, and some records include credit card information and health insurance information. According to databreaches.net, which reviewed some of the files, they relate to records created between 2019 and April 2022.

Since the incident has yet to be reported to regulators, it is currently unclear how many patients have been affected.

The post SAC Health Theft Incident and Multiple Ransomware Attacks Reported appeared first on HIPAA Journal.

Over 850,000 Individuals Affected by Partnership HealthPlan of California Cyberattack

In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. PHC has now confirmed in a breach notification to the Maine Attorney General that the protected health information of 854,913 current and former health plan members has potentially been stolen, making this one of the largest healthcare data breaches to be reported so far this year.

According to the notification, the cyberattack was detected on or around March 19, 2022. Steps were immediately taken to contain the breach and an investigation was launched to determine the nature and scope of the attack. PHC said the forensic investigation uncovered evidence that the unauthorized party behind the cyberattack had removed files from the PHC network on or around March 19.

The review of the affected files is ongoing, and while it has yet to be confirmed which specific types of protected health information were included in the affected files, notification letters are starting to be sent to affected individuals. PHC said the types of information potentially stolen may include names, birth dates, addresses, email addresses, Social Security numbers, driver’s license numbers, Tribal ID numbers, medical record numbers, health insurance information, diagnoses, treatment and prescription information, other medical information, and member portal usernames and passwords.

While PHC did not state the nature of the cyberattack in its breach notification, the Hive ransomware gang has claimed responsibility for the attack and alleges around 400 GB of files were stolen, a sample of which was temporarily uploaded to the group’s data leak site. PHC said it is reviewing and enhancing its policies and procedures relating to data protection and security, and additional security measures and safeguards will be implemented to protect against this type of event in the future. PHC is covering the cost of access to credit monitoring services for affected individuals for two years. A class action lawsuit has already been filed on behalf of individuals affected by the breach.

April 2022 Healthcare Data Breach Report

After four successive months of declining numbers of data breaches, there was a 30.2% increase in reported data breaches. In April 2022, 56 data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR).

Healthcare data breaches in the past 12 months (April 2022)

While the number of reported breaches increased month-over-month, the number of healthcare records that were exposed or impermissibly disclosed decreased by 30% to 2,160,194 – the lowest monthly number since October 2021. The average breach size in April 2022 was 38,575 records, and the median breach size was 6,546 records.

Breached healthcare records in the past 12 months (April 2022)

Largest Healthcare Data Breaches in April 2022

22 healthcare data breaches were reported in April 2022 that affected 10,000 or more individuals. The worst breach was a hacking incident reported by Adaptive Health Integrations, a provider of software and billing/revenue services to laboratories, physician offices, and other healthcare companies. More than half a million individuals were affected. The Arkansas healthcare provider ARcare suffered a malware attack that disrupted its systems and potentially allowed hackers to access the records of 345,353 individuals. Refuah Health Center reported a hacking and data theft incident in April, which had occurred almost a year previously in May 2021 and affected up to 260,740 patients.

Illinois Gastroenterology Group, PLLC reported a hacking incident where the attackers had access to the records of 227,943 individuals, and Regional Eye Associates, Inc. & Surgical Eye Center of Morgantown were affected by a data breach at the cloud-EHR vendor Eye Care Leaders (ECL), which exposed the records of 194,035 individuals. The ECL cyberattack saw the attackers delete databases and system configuration files of one of its cloud services. The cyberattack affected close to a dozen eye care providers and resulted in the exposure of more than 342,000 records.

Name of Covered Entity | State | Covered Entity Type | Individuals Affected | Cause of Breach
Adaptive Health Integrations | ND | Healthcare Provider | 510,574 | Hacking incident with potential data theft
ARcare | AR | Healthcare Provider | 345,353 | Malware infection
Refuah Health Center | NY | Healthcare Provider | 260,740 | Hacking incident and data theft incident
Illinois Gastroenterology Group, PLLC | IL | Healthcare Provider | 227,943 | Hacking incident with potential data theft
Regional Eye Associates, Inc. & Surgical Eye Center of Morgantown | WV | Healthcare Provider | 194,035 | Hacking incident at EHR provider
Healthplex, Inc. | NY | Health Plan | 89,955 | Email account breach
Optima Dermatology Holdings, LLC | NH | Healthcare Provider | 59,872 | Unspecified email incident
SUMMIT EYE ASSOCIATES P.C. | TN | Healthcare Provider | 53,818 | Hacking incident at EHR provider
Newman Regional Health | KS | Healthcare Provider | 52,224 | Email account breach
WellStar Health System, Inc. | GA | Healthcare Provider | 30,417 | WellStar Health System
Central Vermont Eye Care | VT | Healthcare Provider | 30,000 | Unspecified hacking incident
Frank Eye Center, P.A. | KS | Healthcare Provider | 26,333 | Hacking incident at EHR provider
New Creation Counseling Center | OH | Healthcare Provider | 24,029 | Ransomware attack
Georgia Pines CSB | GA | Healthcare Provider | 24,000 | Theft of laptop computers
The Guidance Center, Inc. | AZ | Healthcare Provider | 23,104 | Email account breach
Allied Eye Physicians and Surgeons, Inc. | OH | Healthcare Provider | 20,651 | Hacking incident at EHR provider
King County Public Hospital District No. 2 d/b/a EvergreenHealth | WA | Healthcare Provider | 20,533 | Hacking incident at EHR provider
Onehome Health Solutions | FL | Healthcare Provider | 15,401 | Theft of laptop computers
Southern Ohio Medical Center | OH | Healthcare Provider | 15,136 | Hacking incident with potential data theft
Arkfeld, Parson, and Goldstein, P.C. doing business as ilumin | NE | Healthcare Provider | 14,984 | Hacking incident at EHR provider
Pediatric Associates, P.C. | VA | Healthcare Provider | 13,000 | Hacking incident at EHR provider
Fairfield County Implants and Periodontics, LLC | CT | Healthcare Provider | 10,502 | Email account breach

Causes of April 2022 Healthcare Data Breaches

Hacking and IT incidents accounted for 73.2% of the healthcare data breaches reported in April 2022 and 97.1% of the month’s breached healthcare records. 2,098,390 individuals were affected by those hacking incidents and may have had their protected health information stolen. The average breach size was 51,180 records and the median breach size was 9,969 records. 16 of the hacking incidents involved unauthorized individuals gaining access to employee email accounts, and there were 7 breaches of electronic health records, due to the hacking incident at the EHR vendor Eye Care Leaders.

Causes of April 2022 Healthcare Data Breaches

There were just breaches reported as unauthorized access/disclosure incidents which involved a total of 20,391 records. The average breach size was 1,854 records and the median breach size was 820 records. There were two theft incidents reported involving laptop computers and one loss incident involving an ‘other portable electronic device’. Across the three loss/theft incidents, the records of 40,298 individuals were potentially compromised. All three breaches could have been prevented if data had been encrypted. There was also one improper disposal incident reported, involving 1,115 paper records.

Location of breached protected health information (April 2022)

Healthcare Data Breaches by Covered Entity Type

Healthcare providers were the worst affected HIPAA-covered entity, with 39 reporting breaches in April. 7 data breaches were reported by health plans, and 10 data breaches were reported by business associates. However, a further 17 data breaches occurred at business associates but were reported by the respective covered entity. The chart below shows the month’s data breaches adjusted to reflect where the breaches occurred.

Healthcare Data Breaches by Covered Entity Type (April 2022)

Healthcare Data Breaches by State

In April 2022, HIPAA-regulated entities in 26 states reported breaches. New York and Ohio were the worst affected states in April, with 7 and 6 data breaches reported, respectively.

State | Number of Data Breaches
New York | 7
Ohio | 6
California | 4
Arizona, Georgia, Kansas, Michigan, Tennessee, & Virginia | 3
Florida, Maryland, North Carolina & New Hampshire | 2
Alabama, Arkansas, Colorado, Connecticut, Illinois, Nebraska, North Dakota, Pennsylvania, South Carolina, Utah, Vermont, Washington & West Virginia | 1

HIPAA Enforcement Activity in April 2022

There were no HIPAA enforcement activities announced by the HHS’ Office for Civil Rights or State Attorneys General in April 2022. So far this year, 4 financial penalties have been imposed to resolve HIPAA violations.

Solara Medical Supplies $9.76 Million Data Breach Settlement Gets Preliminary Approval

A $9.76 million settlement proposed by Solara Medical Supplies to resolve a class action lawsuit related to a 2019 data breach has received preliminary approval from the court.

Solara Medical Supplies, which provides products and services to help people manage their diabetes, was the victim of a phishing attack that saw employees’ Microsoft Office 365 email accounts accessed by unauthorized individuals between April 2, 2019, and June 20, 2019.

The email accounts contained the protected health information of patients and sensitive employee information, including names, dates of birth, billing and claims information, health insurance information, medical information, financial account information and credit card numbers, Social Security numbers, driver’s license numbers, state ID numbers, and Medicare/Medicaid IDs. The breach was reported to the HHS’ Office for Civil Rights as affecting 114,007 individuals.

Legal action was taken on behalf of the individuals affected by the breach, with the class including all individuals residing in the United States and its territories who were notified in November 2019 that their information had been exposed. The plaintiffs alleged Solara Medical Supplies was negligent for failing to prevent the breach.

Solara Medical Supplies denies any wrongdoing and liability and believes there are meritorious defenses and legal challenges to the plaintiffs’ claims; however, it agreed to settle the lawsuit to prevent further legal costs and to avoid the uncertainty of litigation.

Under the terms of the settlement, a fund of $5.06 million will be created to cover costs associated with the administration of the settlement, attorneys’ fees, and payments to class members. All individuals who submit a valid claim will be eligible to receive a cash payment of $100, which may be adjusted up or down depending on the number of individuals who submit a claim.

Solara Medical Supplies has committed to taking steps to improve security to prevent further data breaches, such as implementing systems for detecting suspicious activity, multifactor authentication, improvements to email filtering, and other security measures, which have been estimated to cost $4.7 million over the next 5 years.

The settlement has received preliminary approval from the court and a final hearing for the settlement has been scheduled for September 12, 2022. The deadline for submitting a claim is August 8, 2022, and the deadline for objecting to the settlement or requesting to be excluded from the settlement is August 22, 2022.

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Cleveland, OH-based Parker-Hannifin Corporation, a manufacturer of motion and control technologies, has recently announced that unauthorized individuals have gained access to some of its IT systems and may have acquired files containing the sensitive information of current and former employees, their dependents, and other individuals affiliated with the company.

Suspicious activity was detected within its IT environment on March 14, 2022. The forensic investigation confirmed its systems were accessed by unauthorized individuals between March 11, 2022, and March 14, 2022. A comprehensive review of the affected files confirmed they contained information such as names, birth dates, addresses, Social Security numbers, driver’s license numbers, passport numbers, financial account information such as bank account and routing numbers, and online account usernames and passwords. Current and former members of the Parker Group Health Plan, or a health plan sponsored by an entity acquired by Parker, may also have had their enrollment information compromised, which includes health insurance plan member ID number and dates of coverage.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 119,513 group health plan members. Affected individuals have been notified and offered a complimentary 2-year membership to Experian’s IdentityWorks identity theft protection and resolution services.

Behavioral Health Partners of Metrowest Reports Data Theft Incident

Framingham, MA-based Behavioral Health Partners of Metrowest (BHPMW) has notified 11,288 individuals that some of their protected health information has been copied from its systems by an unauthorized individual. BHPMW learned of the data breach on October 1, 2022, with the forensic investigation confirming the unauthorized individual accessed its systems and removed data on September 14 and September 18, 2021.

The stolen data related to the Behavioral Health Community Partner Program, which BHPMW operates under contract with MassHealth in collaboration with the Advocates, Family Continuity, SMOC, Spectrum Health Systems, and Wayside Youth and Family Support provider agencies, and included names, addresses, Social Security numbers, birth dates, client identification numbers, health insurance information, and medical diagnosis/treatment information. BHPMW is unaware of any attempted or actual misuse of the stolen information.

Notification letters were sent to affected individuals on May 11, 2022, and those individuals have been offered complimentary credit monitoring and identity protection services.

Vail Health Services Data Security Incident Affects 17,000 Patients

A data security incident at Vail Health in Colorado has resulted in the exposure and potential theft of the protected health information of 17,039 patients. Vail Health said it started experiencing disruption to its network systems and launched an investigation which revealed on April 5, 2022, that an unauthorized individual had gained access to its systems on February 11, 2022.

The compromised systems contained a small number of files that included information about individuals who received COVID-19 tests from Vail Health, such as names, birth dates, contact information, encounter numbers, and COVID-19 test results. No financial information, health insurance information, or Social Security numbers were exposed or compromised.

The systems already had controls that restricted access to limited individuals. Additional security measures have now been implemented to further restrict access.

AvosLocker Claims Credit for Christus Health Ransomware Attack

The Irving, TX-based nonprofit health system, Christus Health, which operates more than 600 healthcare facilities in Texas, Arkansas, Louisiana, and New Mexico, has announced it has recently identified suspicious activity in its computer systems and blocked an attempted cyberattack. The prompt action taken by the Christus IT team severely limited the scope of the attack and prevented the incident from impacting its patient care and clinical operations. Christus Health said it is working with third-party cybersecurity experts to investigate and determine the extent of the security breach.

A relatively new ransomware threat group called AvosLocker has claimed credit for the attack. AvosLocker operates under the ransomware-as-a-service (RaaS) model and was first identified in July 2021. The threat group engages in double extortion tactics and is known to exfiltrate data prior to file encryption, then threatens to auction the stolen data if the ransom is not paid.

The number of attacks conducted by AvosLocker has been steadily growing, with data from Trend Micro indicating at least 30 attacks were conducted in January 2022, and 37 in February. The gang is known to exploit unpatched vulnerabilities to gain access to victim networks and is reported to use compromised RDP and VPN credentials. The location of the RaaS operation is not known, but it is probable that they are based in Russia or a post-Soviet state since the group does not permit attacks in those countries. In March 2022, a joint cybersecurity advisory was issued by the FBI and the Department of the Treasury which provided Indicators of Compromise associated with AvosLocker.

AvosLocker has been targeting critical infrastructure entities in the United States, including healthcare organizations. One of the most recent victims was McKenzie Health System in Michigan, which was attacked by the gang in March 2022. The protected health information of 25,318 patients was potentially stolen in that attack, a sample of which was allegedly uploaded to the AvosLocker dark web leak site.

AvosLocker has uploaded a sample of data to its dark web leak site which was allegedly stolen in the attack on Christus Health. At this stage, the extent to which patient data has been affected has not been determined.

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access. An investigation was launched to determine the nature and scope of the attack and to allow its network and systems to be restored. The investigation confirmed that unauthorized individuals had accessed its network between March 9 and March 11, 2022, and potentially viewed and exfiltrated files from its systems.

It was not possible to determine which files had been viewed or removed from its systems, nor the exact number of files that had been accessed or exfiltrated. Notification letters have therefore been sent to all individuals potentially affected. The review of the files revealed they mostly contained protected health information such as names, addresses, medical information, and/or health insurance information. A limited number of individuals have also had their Social Security numbers, driver’s license information, and/or financial account or credit card information exposed.

NuLife Med said it is currently reviewing records to try to determine which individuals have had information beyond medical and/or health insurance information impacted, and additional notifications will be sent to those individuals when the breach investigation has concluded. NuLife said no reports have been received to date to indicate any patient information has been misused.

The data breach has been reported to the HHS’ Office for Civil Rights as affecting 81,244 individuals.

Ransomware Attack Affects 28,000 FPS Medical Center Patients

FPS Medical Center in Lake Havasu City, AZ, has recently announced it was the victim of a malware incident that encrypted files on its network. The security breach was detected on March 3, 2022, with the subsequent investigation determining its systems were first breached on February 28, 2022. Unauthorized access was blocked on March 3, 2022.

A forensic investigation was conducted to determine whether patient information was accessed or exfiltrated, but it was not possible to tell if any files had been viewed or downloaded, although the possibility of unauthorized access and data theft could not be ruled out.

A review was conducted of all files on the parts of the network that were affected, which concluded on April 25, 2022. The files contained full names, addresses, birth dates, driver’s license information, medical information such as treatment and diagnosis information, health insurance information, and limited Social Security numbers.

Notification letters have now been sent to the 28,024 patients whose protected health information has potentially been compromised. FPS Medical Center said it is reviewing its policies and procedures and will implement additional administrative and technical safeguards to further secure the information in its systems.

Schneck Medical Center Announces Cyberattack and Data Theft Incident

Schneck Medical Center in Seymour, IN, has started notifying certain patients that some of their protected health information was contained in files that were exfiltrated from its systems.

The medical center did not state in its notification when the security incident was detected but said an extensive forensic investigation and manual document review were conducted which determined on March 17, 2022, that files had been exfiltrated from its systems on or around September 29, 2021.

The files contained names along with one or more of the following data types: address, date of birth, medical record number, other internal identification numbers, driver’s license/state identification numbers, medical diagnosis and conditions information, and health insurance/claims information. The files also contained limited Social Security numbers, financial account information, and payment card information.

Schneck Medical Center said no evidence was found to indicate any actual or attempted misuse of patient data; however, as a precaution, individuals potentially at risk have been offered complimentary credit monitoring services. Notification letters were sent to affected individuals on May 13, 2022.

A review has been conducted of its security systems, policies, and procedures, and additional security measures are being implemented to prevent similar incidents in the future.

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

Refuah Health Center in New York has recently started notifying 260,740 patients about a security breach that occurred almost a year ago. According to the April 29, 2022, notification on the healthcare provider’s website, “We recently discovered unauthorized access to our network occurred between May 31, 2021, and June 1, 2021.” Upon discovery of the breach, an investigation was launched to determine the nature and scope of the attack, and a comprehensive review was then conducted of all documents that were potentially accessed.

Refuah Health Center said it discovered on March 2, 2022, that the attackers had exfiltrated some files from its network that contained “a limited amount” of patients’ protected health information, including names in combination with one or more of the following data types: Social Security numbers, driver’s license numbers, state identification numbers, dates of birth, bank/financial account information, credit/debit card information, medical treatment/diagnosis information, Medicare/Medicaid numbers, medical record numbers, patient account numbers, and/or health insurance policy numbers. Notification letters started to be sent to affected individuals on April 29, 2022, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised.

While Refuah Health Center did not disclose further information about the nature of the attack, databreaches.net reports that the attack appears to have been conducted by the Lorenz ransomware gang, which added Refuah Health Center to its list of victims on its data leak site on June 11, 2021, although that entry has now been removed.

Quantum Imaging Therapeutic Associates

Lewisberry, PA-based Quantum Imaging Therapeutic Associates, a provider of specialized diagnostic radiology services, has recently sent notification letters to patients advising them that their protected health information was exposed in a data security incident that was detected and blocked on October 7, 2021.

At the time of issuing notification letters, no evidence had been found to indicate any patient data has been accessed or stolen by the attackers, although it was not possible to rule out the possibility. The compromised parts of its network contained patient data such as names, addresses, birth dates, Social Security numbers, and information related to the radiology services provided.

After blocking the attack, Quantum launched an investigation assisted by third-party IT specialists, and has now reviewed its network environment and made improvements to security. Quantum will also be monitoring the threat landscape closely and will take proactive actions to address new threats. Affected individuals have been offered complimentary identity theft protection services.

The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

RiverKids Pediatric Home Health Reports Email Security Incident

RiverKids Pediatric Home Health in Texas has recently started notifying 3,494 patients that some of their protected health information has potentially been viewed or stolen as a result of an email security incident. On March 15, 2022, RiverKids discovered an unauthorized individual had gained access to the email account of an employee. The investigation into the breach determined multiple employee email accounts had been compromised, with the review of those accounts confirming they contained patient information such as names, birthdates, addresses, and health insurance member IDs. Financial information and Social Security numbers were not exposed.

RiverKids said additional email security measures have been implemented to prevent further security incidents.

Cyberattacks Reported by McKenzie Health System & Omnicell

McKenzie Health System in Sandusky, MI, has recently started notifying 25,318 patients that some of their protected health information has been stolen in a recent security incident which has caused disruption to the operations of some of its systems. On March 11, 2022, suspicious activity was detected within its IT systems. Steps were immediately taken to secure those systems and a third-party investigator was engaged to determine the nature and scope of the security breach.

The investigation determined that an unauthorized individual had gained access to its network and exfiltrated files. The analysis of those files confirmed on April 22, 2022, that they contained patient information such as names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and/or health insurance information.

McKenzie Health System provided information on the steps that affected individuals should take to protect against the misuse of their personal and protected health information in its notification letters and said complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security numbers have been exposed or compromised. Additional safeguards and technical security measures have now been implemented to better protect sensitive data and to improve the monitoring of its systems.

Omnicell Reports Recent Ransomware Attack in SEC Filing

Omnicell, a Mountain View, CA-based provider of medication management systems, has recently disclosed in an 8-K filing with the Securities and Exchange Commission (SEC) that it was the victim of a ransomware attack. The ransomware attack was detected on May 4, 2022, and resulted in certain internal information technology systems being taken offline.

Omnicell said it is still investigating the attack and the full effects are not yet known, but the attack has had an impact on some of the company’s products and services. Omnicell took immediate action when the attack was detected to prevent further unauthorized access to its systems, its business continuity plans were implemented, and it started working on restoring its systems. At the current stage of the investigation, Omnicell has been unable to determine the impact the attack will have on the business, the results of operations, or the financial impact of the attack, nor whether any impact will have a material adverse effect. Third-party cybersecurity experts have been engaged and are assisting with the investigation and recovery and the cyberattack has been reported to law enforcement.

Omnicell also recently submitted its quarterly earnings, and in its 10-Q form to the SEC explained that significant disruptions to its IT systems could adversely affect the business, as the company relies on its IT systems for maintaining financial and corporate records, communicating internally and with external parties, and operating critical business functions.

Omnicell explained that it does create backups and stores them securely off-site, but that the business would be adversely affected if it was not possible to restore systems and data from backups within an acceptable time frame and the business would also be adversely affected if a data theft incident occurred that resulted in the loss of intellectual property. It is unclear at this stage whether any sensitive data was stolen prior to the encryption of files.
