HIPAA Breach News

Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members

Cleveland, OH-based Parker-Hannifin Corporation, a manufacturer of motion and control technologies, has recently announced that unauthorized individuals have gained access to some of its IT systems and may have acquired files containing the sensitive information of current and former employees, their dependents, and other individuals affiliated with the company.

Suspicious activity was detected within its IT environment on March 14, 2022. The forensic investigation confirmed its systems were accessed by unauthorized individuals between March 11, 2022, and March 14, 2022. A comprehensive review of the affected files confirmed they contained information such as names, birth dates, addresses, Social Security numbers, driver’s license numbers, passport numbers, financial account information such as bank account and routing numbers, and online account usernames and passwords. Current and former members of the Parker Group Health Plan, or a health plan sponsored by an entity acquired by Parker, may also have had their enrollment information compromised, which includes health insurance plan member ID number and dates of coverage.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 119,513 group health plan members. Affected individuals have been notified and offered a complimentary 2-year membership to Experian’s IdentityWorks identity theft protection and resolution services.

Behavioral Health Partners of Metrowest Reports Data Theft Incident

Framingham, MA-based Behavioral Health Partners of Metrowest (BHPMW) has notified 11,288 individuals that some of their protected health information has been copied from its systems by an unauthorized individual. BHPMW learned of the data breach on October 1, 2022, with the forensic investigation confirming the unauthorized individual accessed its systems and removed data on September 14 and September 18, 2021.

The stolen data related to the Behavioral Health Community Partner Program, which BHPMW operates under contract with MassHealth in collaboration with the Advocates, Family Continuity, SMOC, Spectrum Health Systems, and Wayside Youth and Family Support provider agencies, and included names, addresses, Social Security numbers, birth dates, client identification numbers, health insurance information, and medical diagnosis/treatment information. BHPMW is unaware of any attempted or actual misuse of the stolen information.

Notification letters were sent to affected individuals on May 11, 2022, and those individuals have been offered complimentary credit monitoring and identity protection services.

Vail Health Services Data Security Incident Affects 17,000 Patients

A data security incident at Vail Health in Colorado has resulted in the exposure and potential theft of the protected health information of 17,039 patients. Vail Health said it started experiencing disruption to its network systems and launched an investigation which revealed on April 5, 2022, that an unauthorized individual had gained access to its systems on February 11, 2022.

The compromised systems contained a small number of files that included information about individuals who received COVID-19 tests from Vail Health, such as names, birth dates, contact information, encounter numbers, and COVID-19 test results. No financial information, health insurance information, or Social Security numbers were exposed or compromised.

The systems already had controls that restricted access to limited individuals. Additional security measures have now been implemented to further restrict access.

The post Parker-Hannifin Cyberattack Affects Almost 120,000 Health Plan Members appeared first on HIPAA Journal.

AvosLocker Claims Credit for Christus Health Ransomware Attack

The Irving, TX-based nonprofit health system, Christus Health, which operates more than 600 healthcare facilities in Texas, Arkansas, Louisiana, and New Mexico, has announced it has recently identified suspicious activity in its computer systems and blocked an attempted cyberattack. The prompt action taken by the Christus IT team severely limited the scope of the attack and prevented the incident from impacting its patient care and clinical operations. Christus Health said it is working with third-party cybersecurity experts to investigate and determine the extent of the security breach.

A relatively new ransomware threat group called AvosLocker has claimed credit for the attack. AvosLocker operates under the ransomware-as-a-service (RaaS) model and was first identified in July 2021. The threat group engages in double extortion tactics and is known to exfiltrate data prior to file encryption, then threatens to auction the stolen data if the ransom is not paid.

The number of attacks conducted by AvosLocker has been steadily growing, with data from Trend Micro indicating at least 30 attacks were conducted in January 2022, and 37 in February. The gang is known to exploit unpatched vulnerabilities to gain access to victim networks and is reported to use compromised RDP and VPN credentials. The location of the RaaS operation is not known, but it is probable that the group is based in Russia or a post-Soviet state since it does not permit attacks in those countries. In March 2022, a joint cybersecurity advisory was issued by the FBI and the Department of the Treasury which provided Indicators of Compromise associated with AvosLocker.

AvosLocker has been targeting critical infrastructure entities in the United States, including healthcare organizations. One of the most recent victims was McKenzie Health System in Michigan, which was attacked by the gang in March 2022. The protected health information of 25,318 patients was potentially stolen in that attack, a sample of which was allegedly uploaded to the AvosLocker dark web leak site.

AvosLocker has uploaded a sample of data to its dark web leak site which was allegedly stolen in the attack on Christus Health. At this stage, the extent to which patient data has been affected has not been determined.


Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access. An investigation was launched to determine the nature and scope of the attack and to allow its network and systems to be restored. The investigation confirmed that unauthorized individuals had accessed its network between March 9 and March 11, 2022, and potentially viewed and exfiltrated files from its systems.

It was not possible to determine which files had been viewed or removed from its systems, nor the exact number of files that had been accessed or exfiltrated. Notification letters have therefore been sent to all individuals potentially affected. The review of the files revealed they mostly contained protected health information such as names, addresses, medical information, and/or health insurance information. A limited number of individuals have also had their Social Security numbers, driver’s license information, and/or financial account or credit card information exposed.

NuLife Med said it is currently reviewing records to try to determine which individuals have had information beyond medical and/or health insurance information impacted, and additional notifications will be sent to those individuals when the breach investigation has concluded. NuLife said no reports have been received to date to indicate any patient information has been misused.

The data breach has been reported to the HHS’ Office for Civil Rights as affecting 81,244 individuals.

Ransomware Attack Affects 28,000 FPS Medical Center Patients

FPS Medical Center in Lake Havasu City, AZ, has recently announced it was the victim of a malware incident that encrypted files on its network. The security breach was detected on March 3, 2022, with the subsequent investigation determining its systems were first breached on February 28, 2022. Unauthorized access was blocked on March 3, 2022.

A forensic investigation was conducted to determine whether patient information was accessed or exfiltrated, but it was not possible to tell if any files had been viewed or downloaded, although the possibility of unauthorized access and data theft could not be ruled out.

A review was conducted of all files on the parts of the network that were affected, which concluded on April 25, 2022. The files contained full names, addresses, birth dates, driver’s license information, medical information such as treatment and diagnosis information, health insurance information, and limited Social Security numbers.

Notification letters have now been sent to the 28,024 patients whose protected health information has potentially been compromised. FPS Medical Center said it is reviewing its policies and procedures and will implement additional administrative and technical safeguards to further secure the information in its systems.

Schneck Medical Center Announces Cyberattack and Data Theft Incident

Schneck Medical Center in Seymour, IN, has started notifying certain patients that some of their protected health information was contained in files that were exfiltrated from its systems.

The medical center did not state in its notification when the security incident was detected but said an extensive forensic investigation and manual document review were conducted, which determined on March 17, 2022, that files had been exfiltrated from its systems on or around September 29, 2021.

The files contained names along with one or more of the following data types: address, date of birth, medical record number, other internal identification numbers, driver’s license/state identification numbers, medical diagnosis and conditions information, and health insurance/claims information. The files also contained limited Social Security numbers, financial account information, and payment card information.

Schneck Medical Center said no evidence was found to indicate any actual or attempted misuse of patient data; however, as a precaution, individuals potentially at risk have been offered complimentary credit monitoring services. Notification letters were sent to affected individuals on May 13, 2022.

A review has been conducted of its security systems, policies, and procedures, and additional security measures are being implemented to prevent similar incidents in the future.


Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

Refuah Health Center in New York has recently started notifying 260,740 patients about a security breach that occurred almost a year ago. According to the April 29, 2022, notification on the healthcare provider’s website, “We recently discovered unauthorized access to our network occurred between May 31, 2021, and June 1, 2021.” Upon discovery of the breach, an investigation was launched to determine the nature and scope of the attack, and a comprehensive review was then conducted of all documents that were potentially accessed.

Refuah Health Center said it discovered on March 2, 2022, that the attackers had exfiltrated some files from its network that contained “a limited amount” of patients’ protected health information, including names in combination with one or more of the following data types: Social Security numbers, driver’s license numbers, state identification numbers, dates of birth, bank/financial account information, credit/debit card information, medical treatment/diagnosis information, Medicare/Medicaid numbers, medical record numbers, patient account numbers, and/or health insurance policy numbers. Notification letters started to be sent to affected individuals on April 29, 2022, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were potentially compromised.

While Refuah Health Center did not disclose further information about the nature of the attack, databreaches.net reports that the attack appears to have been conducted by the Lorenz ransomware gang, which added Refuah Health Center to its list of victims on its data leak site on June 11, 2021, although that entry has now been removed.

Quantum Imaging Therapeutic Associates

Lewisberry, PA-based Quantum Imaging Therapeutic Associates, a provider of specialized diagnostic radiology services, has recently sent notification letters to patients advising them that their protected health information was exposed in a data security incident that was detected and blocked on October 7, 2021.

At the time of issuing notification letters, no evidence had been found to indicate any patient data had been accessed or stolen by the attackers, although it was not possible to rule out the possibility. The compromised parts of its network contained patient data such as names, addresses, birth dates, Social Security numbers, and information related to the radiology services provided.

After blocking the attack, Quantum launched an investigation assisted by third-party IT specialists, and has now reviewed its network environment and made improvements to security. Quantum will also be monitoring the threat landscape closely and will take proactive actions to address new threats. Affected individuals have been offered complimentary identity theft protection services.

The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.

RiverKids Pediatric Home Health Reports Email Security Incident

RiverKids Pediatric Home Health in Texas has recently started notifying 3,494 patients that some of their protected health information has potentially been viewed or stolen as a result of an email security incident. On March 15, 2022, RiverKids discovered an unauthorized individual had gained access to the email account of an employee. The investigation into the breach determined multiple employee email accounts had been compromised, with the review of those accounts confirming they contained patient information such as names, birthdates, addresses, and health insurance member IDs. Financial information and Social Security numbers were not exposed.

RiverKids said additional email security measures have been implemented to prevent further security incidents.


Cyberattacks Reported by McKenzie Health System & Omnicell

McKenzie Health System in Sandusky, MI, has recently started notifying 25,318 patients that some of their protected health information has been stolen in a recent security incident which has caused disruption to the operations of some of its systems. On March 11, 2022, suspicious activity was detected within its IT systems. Steps were immediately taken to secure those systems and a third-party investigator was engaged to determine the nature and scope of the security breach.

The investigation determined that an unauthorized individual had gained access to its network and exfiltrated files. The analysis of those files confirmed on April 22, 2022, that they contained patient information such as names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and/or health insurance information.

McKenzie Health System provided information on the steps that affected individuals should take to protect against the misuse of their personal and protected health information in its notification letters and said complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security numbers have been exposed or compromised. Additional safeguards and technical security measures have now been implemented to better protect sensitive data and to improve the monitoring of its systems.

Omnicell Reports Recent Ransomware Attack in SEC Filing

Omnicell, a Mountain View, CA-based provider of medication management systems, has recently disclosed in an 8-K filing with the Securities and Exchange Commission (SEC) that it was the victim of a ransomware attack. The ransomware attack was detected on May 4, 2022, and resulted in certain internal information technology systems being taken offline.

Omnicell said it is still investigating the attack and the full effects are not yet known, but the attack has had an impact on some of the company’s products and services. Omnicell took immediate action when the attack was detected to prevent further unauthorized access to its systems, its business continuity plans were implemented, and it started working on restoring its systems. At the current stage of the investigation, Omnicell has been unable to determine the impact the attack will have on the business, the results of operations, or the financial impact of the attack, nor whether any impact will have a material adverse effect. Third-party cybersecurity experts have been engaged and are assisting with the investigation and recovery and the cyberattack has been reported to law enforcement.

Omnicell also recently submitted its quarterly earnings, and in its 10-Q form to the SEC explained that significant disruptions to its IT systems could adversely affect the business, as the company relies on its IT systems for maintaining financial and corporate records, communicating internally and with external parties, and operating critical business functions.

Omnicell explained that it does create backups and stores them securely off-site, but that the business would be adversely affected if it was not possible to restore systems and data from backups within an acceptable time frame and the business would also be adversely affected if a data theft incident occurred that resulted in the loss of intellectual property. It is unclear at this stage whether any sensitive data was stolen prior to the encryption of files.


Eye Care Leaders Hack Impacts Tens of Thousands of Patients

Unauthorized individuals have gained access to the systems of Eye Care Leaders, a provider of electronic health records and patient management software solutions for eye care practices. On or around December 4, 2021, hackers gained access to its myCare Identity solution and deleted databases, systems configuration files, and data.

Eye Care Leaders said its incident response team immediately stopped the unauthorized activity when the breach was detected and launched an investigation into the security breach. The investigation is ongoing, but notifications have now been sent to affected ophthalmology and optometry practices.

While the investigation has not uncovered evidence to suggest the attackers viewed or exfiltrated sensitive data, the possibility of unauthorized data access and theft could not be ruled out. The types of information that have been exposed included patient names, dates of birth, medical record numbers, health insurance information, Social Security numbers, and information regarding the care received at the affected eye care practices. The breach was confined to the myCare Identity solution. The systems of eye care providers that use the solution were not compromised. It is currently unclear how many individuals have been affected by the breach. The Eye Care Leaders website states that it provides software solutions to more than 9,000 ophthalmologists and optometrists.

Kirkland, WA-based EvergreenHealth has also been affected, and sent notifications to 20,533 patients on April 22, 2022, and confirmed that the breach only affected data related to the EvergreenHealth Eye Care Clinic. If any non-eye care medical services had been received at EvergreenHealth, the information would not have been stored in the affected system. EvergreenHealth said it is examining its relationship with Eye Care Leaders and assessing the security safeguards that have been implemented.

Nashville, TN-based Summit Eye Associates sent notifications to affected patients on April 28, 2022, and has reported the breach to the HHS’ Office for Civil Rights as affecting up to 53,818 individuals.


Hacking Incidents Reported by Illinois Gastroenterology Group & the Mental Health Center of Greater Manchester

Illinois Gastroenterology Group has recently announced that unauthorized individuals gained access to its computer environment and potentially accessed and exfiltrated sensitive patient data. The cyberattack was detected on October 22, 2021, when suspicious activity was identified within its computer network.

Third-party cybersecurity specialists were engaged to investigate the attack and determine the nature and scope of the incident. On November 18, 2021, Illinois Gastroenterology learned that the parts of its systems that were accessed by unauthorized individuals contained patient information such as names, addresses, birth dates, Social Security numbers, driver’s license numbers, passport numbers, financial account information, payment card information, employer-assigned identification numbers, medical information, and biometric data.

Illinois Gastroenterology said it was not possible to rule out unauthorized viewing or theft of files containing patient data, but at the time of issuing notification letters, no reports had been received to suggest any fraudulent misuse of the impacted information. The review of the affected files was completed on March 22, 2022, and notification letters have now been sent to affected individuals.

In response to the breach, policies and procedures related to network security were reviewed and augmented, the implementation of an enhanced managed Security Operations Center was accelerated, and multi-factor authentication has been implemented. While the security breach was not confirmed as involving ransomware, Illinois Gastroenterology said a new endpoint detection and response platform has been deployed that has policies enabled specifically for ransomware.

The data breach has recently been reported to the HHS’ Office for Civil Rights as affecting up to 227,943 patients.

Data of Patients of the Mental Health Center of Greater Manchester Has Been Exposed

The Mental Health Center of Greater Manchester (MHCGM) in New Hampshire has announced that patient data was potentially compromised in a cyberattack at a third-party community mental health services partner, Center for Life Management (CLM), which was used for data storage.

On February 21, 2022, CLM’s systems were accessed by an unauthorized individual. The attack was detected on February 23, 2022, and systems were immediately secured to prevent further unauthorized access. The breach was confined to CLM’s systems and the security of MHCGM’s systems was not affected.

CLM investigated the incident and it was confirmed on April 11, 2022, that the attackers potentially accessed and exfiltrated files containing patient information such as names, addresses, birth dates, Social Security numbers, diagnoses, medical information, discharge information, and treatment locations and/or healthcare providers.

No evidence was found to indicate any specific information was viewed or obtained by unauthorized individuals as a result of the attack; however, affected individuals have been offered 12 months of complimentary credit monitoring. MHCGM said it is no longer using CLM for data storage and is working on removing all data from CLM’s systems.

The incident is not yet showing on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many patients have been affected.


Email Security Incidents Reported by Healthplex and Optima Dermatology

Healthplex Inc., one of the largest providers of dental insurance in New York state, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Upon discovery of the breach, the email account was immediately secured to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach.

On April 5, 2021, Healthplex confirmed that the email account contained the personal and protected health information of 89,955 individuals who had previously enrolled in its dental plans. The exposed information varied from individual to individual and may have included first and last names in combination with one or more of the following data types:

Address, group name and number, member ID number, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card number, username and password for the member portal, email address, phone number, and driver’s license number.

Healthplex said notification letters were sent on April 15, 2022, to affected individuals, who have been offered complimentary identity theft protection services through Lifelock. Steps have also been taken to improve the security of its email environment to prevent similar breaches in the future.

Optima Dermatology Email Breach Affects Almost 60,000 Patients

Optima Dermatology Holdings has announced it has experienced an email security incident that resulted in the exposure of the protected health information of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.

Optima Dermatology did not disclose when the email security breach was discovered but said that after an extensive forensic investigation it was determined on February 17, 2022, that the breach was limited to a single email account, which was accessed by an unauthorized individual between August 30, 2021, and September 2, 2021.

A review of the email account revealed it contained the protected health information of 59,872 individuals, such as full names, birth dates, medical treatment and/or conditions information, health insurance claims and/or application information, health insurance policy and/or subscriber numbers, and medical record numbers. No evidence was found to indicate Social Security numbers, driver’s license numbers, or financial account/payment card information were exposed or compromised.

Optima Dermatology said notification letters were sent to affected individuals on April 18, 2022, and additional safeguards have been implemented to prevent further attacks.


Salusive Health Closes Business Following Cyberattack

Salusive Health, the developer of the myNurse platform which helps physician practices streamline disease management, has experienced a cyberattack in which patient data was compromised.

In its breach notification letters to patients, Salusive Health explained that it identified unauthorized activity within its computer network on March 7, 2022, and immediately implemented containment, mitigation, and restoration efforts, and engaged third-party cybersecurity experts to assist with those processes. The investigation confirmed that unauthorized individuals accessed the personal and protected health information of patients, including name, gender, home address, phone number, email address, date of birth, medical history, diagnosis and treatment information, dates of service, lab test results, prescription information, provider name, medical account number, health insurance policy and group plan number, group plan provider, and claim information.

Salusive Health said it implemented additional security measures to prevent further breaches, has notified affected individuals and offered free identity theft protection services, and reported the cyberattack to the Federal Bureau of Investigation. The incident has not yet appeared on the HHS’ Office for Civil Rights’ breach portal, so it is unclear at this stage how many individuals have been affected.

Salusive Health also explained in the breach notification letters that the difficult decision has been taken to cease clinical operations by the end of business on May 31, 2022, which will allow patients to hand their chronic care management and remote monitoring services back to their primary care physicians. Salusive Health said the decision to cease operations is unrelated to the data security incident.

New Creation Counseling Center Ransomware Attack Affects 24,000 Patients

New Creation Counseling Center (NCCC) in Tipp City, OH, has recently started notifying 24,029 patients that some of their protected health information has potentially been compromised in a recent cyberattack.

A breach of its IT systems was detected on February 13, 2022, when users were prevented from accessing files on the network. Steps were immediately taken to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the breach. NCCC confirmed ransomware had been used to encrypt files, and third-party cybersecurity consultants have been assisting with the response and recovery.

NCCC said care continued to be provided to patients throughout and the ransomware has been confirmed as having been eradicated from its systems. While the investigation uncovered no evidence of data theft, it was not possible to rule it out. A review of files on the affected systems confirmed they contained names, telephone numbers, addresses, email addresses, birthdates, Social Security numbers, health insurance information, intake forms, medical releases, and treatment records.

Notifications were sent to affected individuals starting on April 12, 2022, and one year of credit monitoring services has been offered to patients at no cost.
