Marietta, OH-based Memorial Health System has been forced to divert emergency care due to a suspected ransomware attack.

The cyberattack occurred in the early hours of Sunday morning, with the health system forced to shut down IT systems to contain the attack. Emergency protocols were implemented due to the lack of access to essential IT systems, and the staff has been working with paper charts.

Memorial Health System operates three hospitals in Ohio and West Virginia, all of which have been affected by the attack. Since electronic health records were not accessible, patient safety was potentially put at risk, so the decision was taken to divert emergency patents.

“We will continue to accept: STEMI, STROKE and TRAUMA patients at Marietta Memorial Hospital. Belpre and Selby are on diversion for all patients due to radiology availability. It is in the best interest of all other patients to be taken to the nearest accepting facility,” according to an August 15 press release. “If all area hospitals on are diversion, patients will be transported to the emergency department closest to where the emergency occurred. This diversion will be ongoing until IT systems are restored.”

All urgent surgical appointments and radiology examinations on Monday were cancelled; however, all primary care appointments are going ahead as scheduled, although patients with appointments have been advised to call in advance to confirm.

“Maintaining the safety and security of our patients and their care is our top priority and we are doing everything possible to minimize disruption,” said Memorial Health System President and CEO Scott Cantley. “Staff at our hospitals – Marietta Memorial, Selby, and Sistersville General Hospital—are working with paper charts while systems are restored, and data recovered.”

An investigation into the breach has been launched, but it is too early to tell how much data, if any, have been compromised in the attack. Memorial Health System officials said they have not yet found evidence indicating the attackers obtained employee or patient data. IT experts are currently methodically investigating the breach to understand precisely how hackers gained access to its systems, the actions they took once access was gained, and which systems and files they viewed or downloaded.

The cyberattack has been reported to the FBI and the Department of Homeland Security, and the health system is working closely with its information technology partners to restore its systems and data as quickly as possible.

Bleeping Computer has reportedly seen evidence suggesting the Hive ransomware threat group was responsible for the attack. Like many other ransomware operations, the Hive ransomware gang is known for stealing data prior to using ransomware and has a leak site which is used to pressure victims into paying the ransom.

Bleeping Computer says evidence has been obtained suggesting databases containing the protected health information of around 200,000 patients were stolen in the attack, with the databases including names, dates of birth, and Social Security numbers.

The post Cyberattack Forces Memorial Health System to Divert Patients to Alternate Hospitals appeared first on HIPAA Journal.

Electromed Inc., a New Prague, MN-based developer and manufacturer of airway clearance devices, has announced it suffered a security breach in June 2021 in which unauthorized individuals gained access to certain IT systems.

Electromed said unauthorized activity was detected in its IT systems on June 16, 2021 and steps were immediately taken to prevent further unauthorized access. An investigation was launched to determine the source and scope of the breach and third-party cybersecurity experts were engaged to assist with the investigation.

Electromed determined the unauthorized third party accessed certain files that contained the personal and protected health information of its customers, as well as information of its employees and certain third-party contractors.  A comprehensive review was conducted of all files on the affected systems, which revealed they contained customers’ first and last names, mailing addresses, medical information, health insurance information and, for associates, Social Security numbers, driver’s license numbers, and financial account information.

While it is possible that the above types of information were obtained by the attackers, no evidence has been found to indicate misuse of the above information and no reports have been received of any cases of identity theft related to the security breach.

As a precaution against identity theft and fraud, complementary credit monitoring and identity theft protection services have been offered to affected individuals, who have been advised to check their credit reports, financial accounts, and explanation of benefits statements for any sign of fraudulent activity.

“Protecting the privacy of customers’ personal information is important to us, and we regret any inconvenience this incident may cause its customers,” said Electromed in its substitute breach notice. “To help prevent a similar incident from occurring in the future, we have taken steps to enhance the security of its systems, and continues to review its security protocols and processes, and enhancing employee training and education.”

The security breach has ben reported to the HHS’ Office for Civil Rights as affecting 47,200 individuals.

The post PHI of 47,000 Individuals Potentially Compromised in Electromed Inc. Data Breach appeared first on HIPAA Journal.

UNM Health has discovered an unauthorized third party gained access to its network and potentially viewed and exfiltrated files from its systems that contained patients’ protected health information. The security breach was discovered on June 4, 2021 and an investigation was immediately launched to determine the extent and scope of the breach.

UNM Health determined its systems were accessed by the unauthorized third-party on May 2, 2021 and files containing the protected health information of its patients, including those of UNM Hospital, UNM Medical Group, Inc., and UNM Sandoval Regional Medical Center Inc. were potentially compromised.

A comprehensive review of all files on the compromised parts of its network was conducted and it was confirmed they contained information such as names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information, and some clinical information related to the healthcare services provided by UNM Health. The Social Security numbers of a limited number of patients were also potentially compromised in the breach. UNM Health said its medical record systems was not affected.

UNM Health started sending breach notification letters to all individuals potentially affected by the breach on August 3, 2021. Complimentary credit monitoring and identity theft protection services have been offered to all individuals whose Social Security number was exposed.

UNM Health has not disclosed the exact nature of the security incident but said it has implemented additional measures to improve the security of its systems to prevent similar attacks in the future and has also provided additional education to its workforce on information security.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates up to 637,252 patients have been affected by the breach, making this the 19^th largest healthcare data breach to be reported so far this year, and the largest ever breach to be reported by a New Mexico healthcare organization.

The post UNM Health Data Breach Affects More than 637,000 Patients appeared first on HIPAA Journal.

USA Waste-Management Resources, LLC has started notifying certain employees, former employees, and dependents covered by its self-administered health plan that some of their personal and protected health information was compromised in a January 2021 cyberattack.

Waste-Management Resources said suspicious activity was detected in its IT systems on January 21, 2021. An investigation was launched and, assisted by third party computer forensics specialists, Waste-Management Resources confirmed that an unauthorized individual had accessed its systems between January 21 and January 23, 2021 and that certain files were accessed and stolen in the attack.

An extensive review was conducted to determine if any files stored on the compromised parts of its network contained any sensitive information. That process was completed on June 21, 2021.

The review confirmed the following types of information had been exposed and have potentially been compromised: Names, Social Security numbers, taxpayer identification numbers, government ID numbers, state ID numbers, driver’s license numbers, dates of birth, financial/bank account numbers, debit/credit card numbers, medical history/treatment information, health insurance information, passport numbers, and username/email address and passwords for financial electronic accounts. Waste-Management Resources said it was not possible to tell which files were actually exfiltrated in the attack.

Notification letters started to be sent to affected individuals on August 11, 2021. Waste-Management Resources said, “While the investigation remains ongoing, we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security.”

Affected individuals have been advised to monitor their financial accounts for any sign of misuse of their personal data, and to obtain a free credit report from one of the three major credit monitoring bureaus and to consider placing a free fraud alert or a credit freeze on their files.  It does not appear that credit monitoring and identity theft protection services are being offered, despite the extensive and highly sensitive nature of data potentially compromised in the attack.

The post PHI of Employees Compromised in Cyberattack on Waste Management Firm appeared first on HIPAA Journal.

University Medical Center of Southern Nevada (UMC) has issued an update on a cyberattack it experienced in June 2021 and has now confirmed that some patient information was compromised in the attack.

The cyberattack occurred on June 14, 2021 and was conducted by a “by a well-known group of cybercriminals that seek to use the information for commercial gain,” according to a July 29, 201 UMC press release. UMC explained that suspicious activity was detected within its IT environment and prompt action was taken to remove the attackers from its network. UMC said the breach was contained the on June 15, with the initial investigation suggesting the attackers had gained access to certain file servers; however, the prompt action taken by its IT Division meant there was no disruption to patient care or its clinical systems.

Initially, UMC said it had no reason to believe any clinical systems were accessed by the attackers, although the investigation into the cyberattack was ongoing to establish the nature and scope of the cyberattack. The forensic investigation has now confirmed that certain files containing patients’ protected health information were compromised in the attack.

Those files contained information such as names, addresses, dates of birth, Social Security numbers, health insurance information, financial information, and some clinical information, including medical histories, diagnoses, and test results. UMC said no evidence has been found to indicate any specific misuse of patient information.

Notification letters are now being sent to all individual potentially affected by the attack and complimentary identity theft protection services are being provided.

UMC said it notified the FBI and Las Vegas Metropolitan Police Department about the attack and has been working closely with third-party cybersecurity consultants and will be implementing additional internal and external technology solutions to better protect patient data and prevent further cyberattacks.

The post University Medical Center of Southern Nevada Confirms PHI Compromised in June Cyberattack appeared first on HIPAA Journal.

The New Jersey specialist diagnostic testing laboratory A2Z Diagnostics has started notifying patients that some of their protected health information was contained in employee email accounts that were accessed by unauthorized individuals.

Upon discovery of the breach, email accounts were immediately secured and third-party cybersecurity consultants were engaged to investigate the breach and determine whether any emails or attachments had been accessed or obtained in the attack. A2Z Diagnostics learned on June 28, 2021 that the compromised accounts were breached between February 2, 2021 and April 2, 2021, and some of the accounts contained the personal and protected health information of individuals who had tests performed at its laboratory; however, no evidence was found that suggested any emails had actually been viewed or stolen in the attack.

The types of information in the accounts varied from individual to individual and may have included full names in combination with one or more of the following types of information:  Social Security number, date of birth, driver’s license or state identification number, medical diagnosis or clinical information, treatment type or location, doctor name, health insurance information and/or medical procedure information. A2Z said only a limited number of individuals who received testing services were affected.

Notification letters started to be sent to affected individuals on July 28. Credit monitoring services have been offered to the small number of individuals whose Social Security number was exposed.

A2Z said it has undertaken significant measures to improve its technical safeguards to minimize the risk of a similar incident in the future, including enhancing its multi-factor authentication software.

Vison for Hope Discovers Breach of Employee Email Account

The animal-assisted therapy charity Vision for Hope has discovered an unauthorized individual has gained access to the email account of one of its employees and potentially viewed or obtained the protected health information of some of its patients.

Upon discovery of the breach, an investigation was launched to determine the nature and scope of the cyberattack, which revealed the email account was compromised between February 14 and April 2, 2021. A comprehensive review of all emails in the account was completed on June 2, 2021, when it was confirmed that the following types of protected health information were potentially accessed: Name, date of birth, Social Security number, driver’s license number, financial account number, medical treatment or diagnosis information, and/or medical insurance information. The types of information exposed varied from individual to individual.

Vision for Hope said it has no reason to believe any information in the account has been misused for the purpose of committing fraud or identity theft. On August 3, 2021, Vision for Hope started sending notification letters to affected individuals and has offered complimentary credit monitoring and identity theft protection services to all individuals whose Social Security number and/or driver’s license number were potentially accessed.

Information security procedures are now being reinforced with its employees and changes are being made to reduce the likelihood of further breaches occurring.

The post Email Account Breaches Reported by A2Z Diagnostics and Vision for Hope appeared first on HIPAA Journal.

Long Island Jewish Forest Hills Hospital (LIJFH) has started notifying certain patients about an insider data breach involving their medical records.

LIJFH explained in its breach notification letters that an unauthorized medical record access incident came to light around January 24, 2020. LIJFH had been issued with a subpoena for documents in connection with a law enforcement investigation into a “No Fault” motor vehicle accident insurance scheme that referenced an LIJFH employee.

A review was conducted of access logs relating to its medical record system and it was determined that the now former employee had improperly accessed the medical records of patients. While no evidence was found to indicate any patient information had been misused, or that the former employee was in any way involved in the insurance scheme, the decision was taken to issue notification letters.

Notification letters were sent to all patients whose medical records had been accessed by the former employee during the period that the individual had access to patients’ medical records, irrespective of whether the patients had been involved in a motor vehicle accident. That period spanned from August 23, 2016 to October 31, 2017.

LIJFH said it has been fully cooperating with the law enforcement investigation and explained that notification letters to all patients had been delayed at the request of law enforcement so as not to interfere with the investigation. Notification letters started to be sent on August 5, 2021.

No credit card numbers or financial information were accessed by the employee, only the following types of information: name, date of birth, address, phone number, insurance information, internal medical record number, treatment location, treatment provider, date(s) of service, reason for visit, brief summary of the patient’s medical history, medications, test results, diagnoses, and/or other treatment-related information. The Social Security numbers of a limited number of patients were also potentially viewed.

LIJFH is offering complimentary credit monitoring and identity protection services to all individuals potentially affected by the incident for 12 months or longer if required by state law.

LIJFH has confirmed that the individual is no longer employed by LIJFH. Steps have been taken to prevent and identify any further breach of this nature, including enhancing security tools that monitor access to medical record applications. Audits of medical record access are also being conducted by its compliance department. LIJFH said all employees already receive ongoing training on HIPAA and patient privacy. Following the discovery of the breach, the front-line staff was re-trained.

The post Long Island Jewish Forest Hills Hospital Notifies Patients About Insider Breach appeared first on HIPAA Journal.

Patients and staff members at several nursing and rehabilitation facilities in Illinois are being notified that some of their protected health information has potentially been compromised in a cyberattack on Dynamic Health Care, Inc.

Dynamic Health Care provides consulting, administrative, and back office services to nursing and rehabilitation facilities in Illinois that require access to certain staff and patient data. On November 8, 2020, Dynamic Health Care discovered malware had been installed on certain computers within its network. An investigation was launched into the malware incident to determine the full nature and scope of the incident.

Dynamic Health Care confirmed an unauthorized individual had accessed its network on or around November 8, 2020 and on January 7, 2021, it was determined that during the time that access to the network was possible, the attacker potentially viewed or acquired information about staff and nursing home residents at facilities including Woodbridge Nursing Pavilion, Waterfront Terrace, Bridgeview Health Care Center, Willow Crest Nursing Pavilion, Ottawa Pavilion, and River North of Bradley Health & Rehabilitation Center.

A comprehensive review was conducted of all data on the affected computers, which confirmed that sensitive data had been exposed. The types of information potentially compromised in the attack varied from individual to individual and may have included name, date of birth, Social Security number, treating nursing care facility name, resident identification number, and dates of admission and/or discharge.

Dynamic Health Care has mailed notification letters to all individual affected by the incident. Dynamic Health Care said strict security measures had been implemented to protect all information in its possession, but these measures have now been strengthened following the breach. Additional training and education have also been provided to the workforce to help prevent further breaches in the future.

The post Dynamic Health Care Malware Attack Affects Multiple Nursing and Rehabilitation Facilities in Illinois appeared first on HIPAA Journal.