The New York Ambulance Service, Empress EMS (Emergency Medical Services), has confirmed it was the victim of a ransomware attack. The attack was detected on July 14, 2022, and resulted in files on certain systems being encrypted. According to the company’s website notification, steps were immediately taken to contain the incident and third-party forensics experts were engaged to investigate the attack.

The forensic investigation revealed the attackers first gained access to its network on May 26, 2022, and copied “a small subset of files “on July 13, 2022. Ransomware was then deployed to encrypted files on the network. A comprehensive review of the affected files confirmed they contained protected health information such as names, insurance information, dates of service, and, for some individuals, Social Security numbers. Empress EMS has reported the data breach to the HHS’ Office for Civil Rights as affecting up to 318,558 patients. Empress EMS has notified all affected individuals and has advised them to monitor their healthcare statements for accuracy and said credit monitoring services will be offered to certain individuals.  Empress EMS said steps have been taken to strengthen system security to prevent similar incidents in the future.

Empress EMS did not confirm which group was behind the attack; however, the Hive ransomware gang has claimed responsibility for the attack. Databreaches.net obtained a copy of the ransom note and a sample of the stolen data and reports that the files appear to contain the protected health information of Empress EMS patients. The Hive gang claims to have obtained the Social Security numbers of more than 100,000 patients, and customer information such as email addresses, addresses, passport numbers, phone numbers, payments, and working hours. Employee data was also compromised, along with contracts, NDAs, and other private company information.

At the time of publication, the stolen data is not listed on the Hive group’s data leak site, although some data was briefly uploaded. Typically, if the ransom is not paid the group follows through on its threat and publishes the stolen data.

The post New York Ambulance Service Discloses Ransomware Attack and 318K-Record Data Breach appeared first on HIPAA Journal.

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) has announced that it recently fell victim to a sophisticated ransomware attack on its network. The attack was detected on July 3, 2022, and immediate action was taken to contain the attack and prevent further unauthorized access to its network. Third-party forensics specialists were engaged to assist with the investigation and determine the nature and scope of the attack.

MATLV said the investigation did not uncover any evidence indicating the misuse of patient information, but parts of the network that were accessed by the attackers contained files that included the protected health information of 75,628 individuals, which may have been viewed or exfiltrated in the attack. The files contained names, addresses, email addresses, birth dates, Social Security numbers, driver’s license numbers, state ID numbers, health insurance provider names, medical diagnoses, treatment information, medications, and lab results. The types of information exposed in the attack varied from patient to patient.

Cybersecurity specialists evaluated the security measures that had been implemented prior to the attack and security has been reinforced based on their recommendations. Affected individuals have been encouraged to monitor their financial accounts and explanation of benefits statements and report any suspicious activity.

TennCare Reports Accidental Exposure of Patients’ PHI

TennCare, Tennessee’s state Medicaid program, has recently notified approximately 1,700 patients about the accidental exposure of some of their protected health information. According to a statement issued by TennCare officials, a new application was implemented that inadvertently associated people in one household with people in another household, if those households included some of the same people.

The issue was rapidly identified and corrected, but for a short period, the names and ages of affected people and their dependents would have been visible to other people who at one time were part of the same case file. For 15 individuals, more sensitive information was visible such as Social Security number, address, and date of birth. While the risk of misuse of information is believed to be low, affected individuals have been offered a 12-month complimentary membership to an identity theft protection and credit monitoring service, which includes a $1 million identity theft insurance policy.

The post Ransomware Attack on Medical Associates of the Lehigh Valley Affects 75K Patients appeared first on HIPAA Journal.

Over the Labor Day weekend, Oakbend Medical Center in Richmond, TX, suffered a ransomware attack. The attack started on Thursday, September 1, 2022, and saw files on its network encrypted. The medical center said its IT team took all systems offline to contain the attack, and the medical center operated under lockdown procedures while the attack was investigated by the Federal Bureau of Investigation (FBI), the Cyber-Defense Campus CYD), and the Fort Bend County Government Cyberteam.

The internal IT team ensured that all patient-centric systems were secured, and cybersecurity experts from Microsoft, Dell, and Malware Protects were engaged to investigate the attack and assess the security of its systems. Once those systems were cleaned, work commenced on rebuilding those systems and restoring them in a controlled and systematic manner. Disruption is continuing to be experienced, and there have been temporary communication issues for patients, vendors, doctors, and administrators; however, at no point was patient safety at risk and the medical center continued to operate.

In a September 9, 2022, update, Oakbend Medical Center said the recovery process is ongoing and there are still issues with the telephone and email systems, but it is working to resolve those issues as quickly as possible. While Oakbend Medical Center did not confirm whether files containing patient data were exfiltrated from its systems, the ransomware gang responsible for the attack – Daixin Team – claimed on its data leak site that files were stolen prior to file encryption that contained patient information such as names, dates of birth, medical record numbers, patient account numbers, Social Security numbers, and medical and treatment information. Some of the stolen data has been uploaded to the group’s data leak site. The group has threatened to release all of the stolen files, which are claimed to include the protected health information of more than 1 million patients. At the time of publication, it would appear that the ransom has not been paid and all communication between the medical center and Daixin Team has stopped.

Daixin Team is a relatively new threat group that is known to attack hospitals. In June 2022, the group conducted an attack on Fitzgibbon Hospital in Missouri and stole and published files containing sensitive patient data.

This post will be updated when further information about the attack is released and when the total number of affected patients is known.

The post Oakbend Medical Center Suffers Ransomware Attack appeared first on HIPAA Journal.

Birmingham, AL-based Henderson & Walton Women’s Center (HWWC) has recently notified 34,306 patients that some of their protected health information may have been compromised as a result of a hacker gaining access to the email account of one of its employees. HWWC said the forensic investigation of the data breach confirmed the attacker did not gain access to the email server and the breach was confined to the email account of one employee.

HWWC did not disclose when the email account was compromised but said there was a delay in issuing notification letters due to the lengthy process of reviewing all emails in the account to determine the types of information and specific individuals that had been affected. That process concluded on June 24, 2022.

HWWC said it had implemented encryption for all external emails, but the forensic investigation determined that stored emails may have been accessed. Those emails contained patient information such as names, dates of birth, Social Security numbers, medical information, health insurance information, driver’s license numbers, and state ID numbers. The information exposed varied from patient to patient.

Notification letters were sent to all affected individuals in August. As a precaution against identity theft and fraud, complimentary memberships have been offered to a credit monitoring service for 12 months. Steps have also been taken to improve the security of its email system, including implementing a new procedure for automatically deleting emails containing PHI after 3 days, and a system is being implemented that will prevent the sharing of any personal information via email.

Genesis Health Care Reports Cyberattack and Data Breach

Kennett Square, PA-based Genesis Health Care has recently notified the Montana Attorney General about a cyberattack that was detected on April 11, 2022. Suspicious activity was detected in certain IT systems, prompting a comprehensive investigation. Third-party digital forensics specialists were engaged to determine the nature and scope of the incident and help restore the functionality of its systems. The investigation confirmed on June 9, 2022, that files may have been accessed or exfiltrated from its systems between January 19, 2022, and April 11, 2022. A programmatic and manual review of the affected files confirmed on July 13, 2022, that they contained patient information including, but not limited to, names and Social Security numbers. Genesis Health Care said it is reviewing its policies and procedures and will evaluate additional measures and safeguards to prevent similar breaches in the future.

The breach has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Data Breaches Reported by Henderson & Walton Women’s Center & Genesis Health Care appeared first on HIPAA Journal.

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021. The substitute breach notification does not state when, and for how long, unauthorized individuals had access to its systems.

A digital forensics firm was engaged to investigate the nature and scope of the data breach and a programmatic and manual review was conducted on files on the affected parts of its network. The review confirmed that the files contained information such as names, dates of birth, Social Security numbers, driver’s license numbers, government-issued IDs, annual compensation amounts, benefit contribution information, credit card or debit card numbers, credit card or debit card PINs, financial account or routing numbers, passport numbers, patient account numbers, health information, and life insurance policy information.

Notification letters were sent to affected individuals in August and information was provided on the steps that individuals can take to reduce the risk of identity theft and fraud, but it would appear that credit monitoring and identity theft protection services are not being offered. The law firm said it will be taking steps to improve security to prevent further data breaches.

Medical Imaging Companies Confirms Breach of PHI

Gateway Diagnostic Imaging, which operates 12 medical imaging facilities in North Texas, and the Tucson, AZ-based medical imaging company, Radiology Ltd, have recently started notifying certain patients about a breach of systems that contained patient information. The data breach was detected on December 24, 2021, with the forensic investigation confirming that unauthorized individuals had access to its systems between December 17 and December 24, 2021.

The files on the affected systems contained information such as names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, physician names, dates of service, and information related to the radiology services provided.

As a precaution against identity theft and fraud, affected individuals have been offered a complimentary 12-month membership to the Equifax Credit Watch Gold credit monitoring and identity theft protection service. Gateway Diagnostic Imaging and Radiology Ltd. said additional safeguards are being implemented to prevent further security breaches, and enhancements have been made to its monitoring capabilities.

The breach has yet to appear on the HHS’ Office for Civil Rights Breach portal so it is currently unclear how many individuals have been affected.

Health Insurers Confirm Members’ PHI was Compromised in OneTouchPoint Data Breach

Over the past few weeks, several health plans have confirmed that their members’ protected health information was compromised in a ransomware attack on the printing and mailing vendor OneTouchPoint. OneTouchPoint recently confirmed to the Maine Attorney General that the PHI of 2.65 million individuals was compromised in the attack. Initially, the breach was reported to the Maine Attorney General as affecting around 1.1 million individuals.

Arkansas Blue Cross and Blue Shield recently notified the HHS’ Office for Civil Rights that the PHI of 8,871 of its members was compromised in the attack, and Medical Mutual of Ohio has reported the breach as affecting 1,377 of its members.

The post Michigan Law Firm and Medical Imaging Companies Confirm Breaches of Patient Information appeared first on HIPAA Journal.

CorrectHealth Notifies 54,000 Patients About November 2021 Email System Breach

Alpharetta, GA-based CorrectHealth is notifying patients about a breach of its email environment. The breach was detected on November 10, 2021, with the investigation confirming several employee email accounts had been accessed by an unauthorized individual. Legal counsel for CorrectHealth said the third-party forensic investigation of the data breach concluded on January 28, 2022, and confirmed patients’ protected health information was present in the breached email accounts.

A comprehensive review of the affected accounts was conducted between March 2022 and July 2022 to determine the specific information that was affected, which confirmed names, addresses, and Social Security numbers had been exposed. CorrectHealth said it is unaware of any misuse of patient information.

Notification letters were sent on August 25, 2022, and complimentary credit monitoring and identity theft protection services have been offered to affected individuals. In response to the breach, CorrectHealth has implemented additional safeguards, including deploying an advanced phishing service, putting disclaimers on all externally received emails, implementing multi-factor authentication for administrative staff, and a single sign-on solution for clinical staff. CorrectHealth is also conducting weekly data security and monthly simulated phishing training for all employees.

The breach was reported to the Maine attorney general as affecting 54,066 individuals.

Email Accounts breached at Gifted Healthcare

Metairie, LA-based Gifted Healthcare has reported a security breach involving the protected health information of its patients. While the incident appeared to be confined to a single email account, the investigation revealed three email accounts had been compromised between August 25, 2021, and December 10, 2021. Gifted Healthcare did not say when the breach was detected, but the review of the affected email accounts was completed on July 25, 2022. Notification letters were sent to affected individuals on August 25, 2022.

Data compromised in the incident included names, addresses, driver’s license numbers, Social Security numbers, financial information, health insurance information, and medical information. The breach was reported to the Maine attorney general as affecting 13,770 individuals.

Ransomware Attack Impacts Brasseler Patients

Savannah, GA-based Peter Brasseler Holdings, LLC, has recently confirmed it was the victim of a ransomware attack. The attack was detected on June 24, 2022, with the investigation confirming files containing individuals’ protected health information were stored on parts of the affected systems and may have been viewed or obtained in the incident. The breach also affected its subsidiaries, Brasseler U.S.A. Dental, LLC and Brasseler U.S.A. Medical, LLC.

The investigation into the breach is ongoing, but it has been confirmed that the following types of information were potentially compromised: names, government-issued identification numbers such as Social Security numbers, driver’s license numbers, and passport numbers; financial account information, such as debit card and credit card numbers; medical and insurance information; and other information, such as dates of birth.

The breach was reported to the Maine attorney general as affecting 3,353 individuals. Affected individuals have been offered a complimentary 24-month membership to Experian’s IdentityWorks credit monitoring and identity theft protection service.

UF Health Shands Employee Snooped on Records of Almost 1,000 Patients

UF Health Shands has recently confirmed that a former employee accessed the records of 941 patients without authorization between April 27, 2021, and July 21, 2022. When the unauthorized access was detected, the employee’s access to patient information was suspended pending a full investigation, which confirmed that the employee viewed patient information such as names, addresses, phone numbers, diagnoses and conditions, and some health insurance information.

UF Health Shands said the individual is no longer employed by UF Health Shands.

The post PHI Compromised in Incidents at CorrectHealth, UF Health Shands, Peter Brasseler, & Gifted Healthcare appeared first on HIPAA Journal.

The number of individuals affected by the ransomware attack on the Hartland, WI-based mailing and printing vendor, OneTouchPoint, has now increased to 2,651,396 individuals, with Common Ground Healthcare Cooperative one of the latest organizations to confirm that it has been affected. Brookfield, WI-based Common Ground Healthcare Cooperative said 133,714 of its members were affected.

OneTouchPoint said it discovered the attack on April 28, 2022, when files on its systems were encrypted. A forensic investigation was launched to determine the nature and scope of the security breach, which revealed its servers were compromised on April 27, 2022, and certain files containing sensitive data were accessed.  The review of those files confirmed on July 15, 2022, that they contained the sensitive information of current and former employees and data of its customers. Customers were notified about the attack on June 3, 2022.

The breach involved employee information such as names, healthcare member IDs, and information provided during health assessments. Customers have reported the breach as involving names, subscriber ID numbers, diagnoses, medications, addresses, dates of birth, sexes, physician demographics information, family histories, social histories, allergies, vitals, immunizations, and other information.

Initially, the breach was reported as affecting 1.1 million individuals, but the total has now been increased to 2,651,396 individuals. At least 34 organizations are known to have been affected, including Matrix Medical Network breach also affected Blue Shield of California Promise Health plan Kaiser Permanente, Geisinger, Health First, UPMC Health Plan, Humana, Aetna ACE, Anthem Inc, and other Blue Cross Blue Shield affiliates.

OneTouchPoint is notifying certain individuals about the breach on behalf of some of its customers, but some customers have chosen to issue notifications themselves. OneTouchPoint said it is unaware of any misuse of the compromised information. Some of the affected customers have offered credit monitoring and identity theft protection services to their members.

At least one class action lawsuit has been filed against OneTouchPoint over the data breach.

The post OneTouchPoint Ransomware Victim Count Increases to 2.65 Million appeared first on HIPAA Journal.

Salida, CO-based First Street Family Health has suffered a destructive cyberattack, in which files containing patient information were exfiltrated and then deleted from its systems. This method of attack is becoming more common, where data is stolen, deleted, and then threats are issued to publish or sell the data if payment is not made to the attackers, but files are not encrypted using ransomware.

First Street Family Health said the attack was detected on July 16, 2022, with the investigation confirming that the attackers first gained access to its systems on July 5, 2022. The unauthorized access was blocked on July 16. The attackers deleted electronic medical records from June 28, 2021, to July 15, 2022, and while backups of those records had been made, the backups were also deleted so the information in those records has been lost. No evidence was found to indicate those records were stolen. Medical referral forms stored on the affected computer systems may have been viewed or acquired, but those records were successfully restored from backups.

The breached records included full names, addresses, birth dates, phone numbers, email addresses, Social Security numbers, dates of service, nature of services, diagnoses, conditions, lab results, medications, health insurance identification cards and numbers, and billing information.

Notification letters were sent to affected individuals on August 26, 2022, and complimentary memberships to CyberScout’s credit monitoring service have been offered. First Street Family Health said a national cybersecurity firm assisted with the investigation and conducted a security review, and additional security measures are being implemented based on the firm’s recommendations.

The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Northeast Rehabilitation Hospital Network Notifies Patients About 2021 Cyberattack

Salem, NH-based Northeast Rehabilitation Hospital Network (NRHN) has started notifying patients that unauthorized individuals gained access to its computer systems and may have viewed or obtained sensitive data. The data breach was detected on September 30, 2021, when suspicious activity was detected within its network. The subsequent investigation confirmed its systems were compromised between September 30, 2021, and October 5, 2021.

NRHN said the delay in issuing notifications to affected individuals was due to the time-consuming process of reviewing all affected files on its systems, and that process was not completed until August 3, 2022. Notification letters are now being sent and individuals will be informed in those letters about the types of information that were involved. NRHN said it is unaware of any attempted or actual misuse of patient data. Credit monitoring and Identity theft protection services have been offered to affected individuals.

This post will be updated when the number of affected individuals is known.

The post Cyberattack and Data Destruction Reported by First Street Family Health appeared first on HIPAA Journal.