Email Accounts Compromised at UW Health and Medical Home Network

Email accounts have been compromised at the University of Wisconsin Hospitals and Clinics Authority and the Medical Home Network in Illinois.

University of Wisconsin Hospitals and Clinics Authority Email Account Breach

The University of Wisconsin Hospitals and Clinics Authority (UW Health) recently provided an update on a security incident that was detected in late 2023. Suspicious activity was detected in an employee’s email account and the password was immediately changed to prevent further unauthorized access. A third-party cybersecurity firm was engaged to investigate the breach and it was determined on January 5, 2024, that the email account had been accessed by an unauthorized individual at various times between Sep. 20, 2023, and Dec. 5, 2023. Some of the emails in the account were viewed, and data may have been stolen.

The account was reviewed to determine the individuals affected and the types of information that had been exposed. The review was completed on February 9, 2024, and confirmed that the account contained names, dates of birth, medical record numbers, and clinical information, such as dates of service, provider names, and diagnoses. The emails did not contain any Social Security numbers, health insurance ID numbers, or financial information. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 85,902 individuals.

The affected individuals have now been notified. While UW Health has not found any evidence of misuse of patient data, patients have been advised to exercise caution regarding any emails they receive that claim to be from UW Health or other healthcare providers, to monitor their billing statements, and to report any charges for services that have not been received. UW Health also said users of the UW Health MyChart portal have been targeted in the past with scams through the use of fraudulent websites and has urged all patients to be vigilant when callers or emails request personal information. Scammers may claim to be UW Health employees when contacting people by phone, may send phishing emails using stolen UW Health logos, or may send phishing text messages requesting login credentials or linking to malicious URLs.

Medical Home Network Email Environment Compromised

MHNU Corporation, which does business as Medical Home Network (MHN) in Illinois, has recently notified 681 individuals about the exposure of some of their protected health information. Suspicious activity was identified in MHN’s email environment on or around October 11, 2023. After MHN secured its email accounts, independent cybersecurity experts were engaged to investigate and determine the cause of the activity. The forensic investigation confirmed that an unauthorized actor gained access to the email accounts of two employees between October 4, 2023, and October 12, 2023, and emails and attached files may have been viewed or acquired.

On April 12, 2024, MHN learned that the protected health information of current and former members of CountyCare, Wellness West, and NeueHealth was stored in the compromised accounts. Those companies were notified about the incident on February 16, 2024, and MHN coordinated with the companies to effectuate notification to the affected individuals. MHN said the breached information included first and last names, patient IDs, phone numbers, dates of birth, and medical information; however, no evidence of misuse of that information had been identified at the time of issuing notifications. MHN said it takes privacy and security seriously and has taken steps to prevent similar incidents in the future.

The post Email Accounts Compromised at UW Health and Medical Home Network appeared first on HIPAA Journal.

Cyberattacks Reported by Healthcare Providers in North Carolina, Rhode Island, & California

Knowles Smith & Associates, which does business as Village Family Dental and operates 7 dentistry offices in North Carolina, recently notified 240,214 current and former patients that some of their protected health information was exposed in a November 2023 cyberattack.

Village Family Dental said anomalous activity was detected within its network on November 17, 2023. The affected systems were immediately taken offline and third-party cybersecurity experts were engaged to investigate the activity. The forensic investigation confirmed that there had been unauthorized access to its network, and on February 8, 2024, it was confirmed that files containing patient data were potentially viewed or acquired.

Dental records and other health information were not exposed, with the compromised data limited to names, patient ID numbers, provider names, addresses, dates of birth, chart numbers, telephone numbers, and email addresses. Village Family Dental said no evidence has been found to indicate any attempted or actual misuse of patient data. Notification letters were mailed to the affected individuals on April 8, 2024.

Village Family Dental said it has been working with third-party cybersecurity experts to evaluate and enhance its security practices to prevent similar incidents in the future and confirmed that “significant steps” have been taken to mitigate the risk to persons impacted by the cyberattack.

Valley Mountain Regional Center

On April 19, 2024, Valley Mountain Regional Center in California announced a data security incident that was detected on August 1, 2023. Unusual activity was detected within its network and immediate action was taken to secure its systems. The forensic investigation confirmed that unauthorized individuals had access to its network and exfiltrated files containing patient information on or around July 29, 2023.

A third-party vendor was engaged to review the affected files, and on February 20, 2024, confirmed that personal and protected health information was involved. The types of data involved varied from individual to individual and may have included names, Social Security numbers, taxpayer identification numbers, dates of birth, driver’s license numbers, username and password, biometric data, medical treatment and/or diagnosis information, and/or health insurance information. Valley Mountain Regional Center said it is unaware of any misuse of patient data. The affected individuals have been offered complimentary identity protection services through Cyberscout.

The breach has been reported to the HHS’ Office for Civil Rights, but it is not yet displayed on OCR’s breach portal, so it is currently unclear how many individuals have been affected.

Blackstone Valley Community Health Center

Blackstone Valley Community Health Center in Pawtucket, RI, has announced a cyberattack that occurred on November 11, 2023, which disrupted its computer network. After the network was secured, third-party cybersecurity experts were engaged to investigate the cause of the disruption and determined that an unauthorized third party had access to its network.

The review of the exposed files was concluded on March 11, 2024, and confirmed that they contained patient data including names, Social Security numbers, and medical information. Notification letters were mailed to the affected individuals on April 18, 2024. The affected individuals have been offered single bureau monitoring, credit reporting, and credit score services at no charge, and network security has been enhanced to prevent similar breaches in the future. The breach was recently reported to the Maine Attorney General as affecting up to 34,416 individuals.

The post Cyberattacks Reported by Healthcare Providers in North Carolina, Rhode Island, & California appeared first on HIPAA Journal.