Ransomware Attacks Reported by Foursquare Healthcare and Hi-School Pharmacy

Foursquare Healthcare Ltd, a Rockwall, TX-based operator of short-term rehabilitation, skilled nursing, and long-term nursing care facilities, has recently confirmed that it experienced a ransomware attack in September. The ransomware attack was detected on September 27, 2023, and the forensic investigation confirmed that the attackers accessed its network between September 27, 2023, and September 29, 2023, and acquired certain files that contained employee and patient information. The information in the files varied from individual to individual and included names along with one or more of the following: address, billing information, Social Security number, banking information, and clinical information regarding care received at its clinics.

The attack did not cause any material disruption to Foursquare's care or services, and no evidence has been found to indicate that any of the stolen data has been misused for identity theft or fraud. Foursquare said it has received assurances that all of the stolen data has been deleted. That usually, but not always, means the ransom was paid. Foursquare said it believes the incident has been contained and that it will continue to monitor its systems for unauthorized activity.

The breach has recently been reported to the HHS' Office for Civil Rights as involving the protected health information of 10,890 patients. Foursquare has offered the affected individuals two years of complimentary credit monitoring and identity theft protection services, and while assurances were provided that the stolen data has been deleted, Foursquare encourages the affected patients and employees to be vigilant against identity theft and fraud.

Hi-School Pharmacy Suffers Ransomware Attack

Hi-School Pharmacy, a Vancouver, WA-based drug store chain, has recently notified the Maine Attorney General about a data breach that has affected 17,676 individuals. On November 3, 2023, Hi-School Pharmacy experienced a cyberattack that caused network disruption. The forensic investigation confirmed on November 21, 2023, that the attackers had access to parts of the network that contained protected health information, including names and Social Security numbers. Notification letters were sent to the affected individuals on November 5, 2023. Credit monitoring and identity theft protection services have been offered to the affected individuals.

The post Ransomware Attacks Reported by Foursquare Healthcare and Hi-School Pharmacy appeared first on HIPAA Journal.

9 Prime Healthcare Hospitals Affected by MOVEit Data Breach

Ontario, CA-based Prime Healthcare has been affected by a data breach at its revenue cycle management vendor, CBIZ KA. The vendor used Progress Software's MOVEit Transfer solution; a zero-day vulnerability in that software was exploited by the Clop hacking group in late May 2023. Prime Healthcare received a copy of the stolen files from CBIZ KA on September 20, 2023, and has confirmed that they contained names in combination with one or more of the following: date of birth, address, medical record number, Social Security number, admission date, and discharge date.

Prime Healthcare operates 45 hospitals, although only 9 were affected: Saint Clare's Hospital, Saint Michael's Medical Center, and St. Mary's General Hospital in New Jersey; Roxborough Memorial Hospital, Lower Bucks Hospital, and Suburban Community Hospital in Pennsylvania; Garden City Hospital and Lake Huron Medical Center in Michigan; and Landmark Medical Center in Rhode Island. Individuals whose Social Security numbers were involved have been offered complimentary credit monitoring and identity protection services.

PHI Compromised in Cyberattack on Sierra County, CA

Sierra County in California experienced a "sophisticated cyberattack" on or around February 21, 2023. Sierra County detected the breach on March 5, 2023, secured its systems to prevent further unauthorized access, and engaged third-party cybersecurity experts to investigate the breach. The investigation revealed that the attackers had access to parts of the network that contained information such as names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, driver's license or government ID numbers, medical/prescription or health insurance-related information, drug or alcohol screening results, credit or debit card numbers, biometric data, or financial account/routing numbers. No evidence has been found that indicates actual or attempted misuse of the impacted data. The Department of Public Health and Department of Behavioral Health confirmed that the protected health information of 2,463 individuals was exposed and potentially stolen in the attack.

Email Account Breach Reported by Advarra, Inc.

Advarra, Inc., a Columbia, MD-based provider of integrated research compliance solutions, has discovered unauthorized access to an employee email account. The email account breach was detected on October 26, 2023, and the account was immediately disabled. The forensic investigation confirmed that the breach was limited to a single account, with the unauthorized access commencing on October 25, 2023. The attacker copied information from the account that included names and Social Security numbers. The breach was recently reported to the Maine Attorney General as affecting 1,782 individuals. No evidence of misuse of the stolen data has been identified; however, as a precaution, affected individuals have been offered complimentary credit monitoring services for 24 months and are being encouraged to take advantage of those services.

The post 9 Prime Healthcare Hospitals Affected by MOVEit Data Breach appeared first on HIPAA Journal.

23andMe Updates Terms of Service to Prevent Class Action Lawsuits

23andMe has updated its terms and conditions in an attempt to prevent its customers from joining class action lawsuits following a massive data breach that affected 6.9 million of its customers. In October 2023, a collection of data allegedly stolen from 23andMe was uploaded to a dark web forum. That dataset contained information on around 1 million Ashkenazi Jews and 100,000 individuals of Chinese descent; a couple of weeks later, the hacker advertised a further dataset containing the information of a further 4.1 million individuals.

23andMe investigated and determined that approximately 14,000 accounts were compromised in a credential stuffing attack, which was made possible by password reuse by those customers. The compromised accounts were then used to access the ancestry data of 6.9 million users through the DNA Relatives feature (5.5 million users) and the Family Tree feature (1.4 million users). Per its financial reports, 23andMe has around 14 million customers, which means almost half were affected by the data breach. 23andMe maintains that there was no breach of its systems.

Several lawsuits have already been filed against 23andMe over the data breach. One such lawsuit was filed in the Supreme Court in British Columbia with the lead plaintiff claiming that his personal data was stolen and listed for sale on the dark web. The lawsuit alleges 23andMe engaged in “willful, knowing or reckless conduct” by failing to implement and maintain proper data retention and data protection practices. The lawsuit seeks monetary damages, including the price that affected customers paid for 23andMe’s services. Thousands of Canadians have already added their names to the class action lawsuit. Another lawsuit was filed in California that alleges negligence, invasion of privacy, unjust enrichment, and breach of implied contract. The plaintiffs claim that 23andMe implemented inadequate safeguards to protect sensitive user data, did not do enough to prevent intrusions, and did not provide adequate training to staff.

In response, 23andMe has updated its terms of service to force its customers into binding arbitration, which requires all disputes to be resolved out of court. The updated terms prohibit customers from joining class action lawsuits against the company. The terms of service apply to all new customers, and also to all existing customers unless they opt out. 23andMe emailed its customers on November 30, 2023, about the update to its terms of service and gave them 30 days to opt out. If they do not opt out, they will be assumed to have agreed to the new terms of service. Customers hoping to join a class action over the recent data breach must opt out of the new terms of service by December 30, 2023.

The change, which is now prominently displayed in its terms of service in full caps, states, “TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, YOU AND WE AGREE THAT EACH PARTY MAY BRING DISPUTES AGAINST THE OTHER PARTY ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A CLASS ACTION OR COLLECTIVE ACTION OR CLASS ARBITRATION.”

The new terms of service mean that cases must be arbitrated by a neutral third-party arbitrator, who would decide on the validity of each case. Any decision made by the arbitrator is legally binding, must be accepted by both parties, and cannot be appealed. Since arbitration requires cases to be dealt with on an individual basis, it takes away the power of a group. The new terms and conditions are likely to reduce the number of individuals eligible to participate in class action lawsuits and will thus limit the costs for 23andMe should those lawsuits prove successful.

Arbitration is generally a faster process that could see any payments or refunds issued much more rapidly than in a class action. 23andMe explained that the new terms of service will encourage prompt resolution; however, they also include a new 60-day initial dispute resolution period, during which both parties agree to delay arbitration. While the new terms of service will help to prevent class action lawsuits, they do permit mass arbitration. If 25 or more customers issue similar demands for arbitration based on the same or similar subject matter, or if they share common issues of law or fact, they can be dealt with through mass arbitration. In such cases, mass arbitration would be handled by National Arbitration and Mediation (NAM), a nationally recognized provider of alternative dispute resolution services.

The post 23andMe Updates Terms of Service to Prevent Class Action Lawsuits appeared first on HIPAA Journal.