Proliance Surgeons, a Seattle, WA-based surgical group that has around 100 locations in Washington state, has notified 437,392 individuals that some of their protected health information may have been stolen in a ransomware attack earlier this year. The breach notice on the website of Proliance Surgeons states that a forensic investigation was conducted by third party cybersecurity experts which confirmed that some files had been removed from its network before files were encrypted.

On May 24, 2023, it was confirmed that files containing patients’ protected health information may have been accessed or acquired on February 11, 2023. At the time it was unclear exactly how many individuals had been affected. A comprehensive review was conducted of all files potentially accessed or acquired in the attack, which confirmed they contained names in combination with one or more of the following: date of birth, Social Security number, medical treatment information, health insurance information, phone number, email address, financial account number, driver license or other identification information, and usernames and passwords.

Proliance Surgeons said immediate action was taken to protect patients’ private information and cybersecurity protocols have since been enhanced. There is no mention of credit monitoring or identity theft protection services. At least one lawsuit has already been filed against Proliance Surgeons in response to the breach.

Medical College of Wisconsin Says 240,000 Individuals Affected by MOVEIt Transfer Hack

The Medical College of Wisconsin (MCW) has confirmed that the protected health information of 240,667 individuals was stolen by the Clop hacking group, which exploited a zero day vulnerability in Progress Software’s MOVEit Transfer solution.  MCW was contacted on May 31 by Progress Software and implemented the patch and recommended mitigation measures but discovered the vulnerability had already been exploited on or around May 27, 2023.

The forensic investigation and document review was completed on or around September 21, 2023, and confirmed that the stolen data included full names, dates of birth, Social Security numbers, driver’s license/government identification numbers, financial account information, medical record/patient account number(s), medical diagnosis/treatment information, medical provider name(s), lab results, prescription information, and health insurance information.

Notification letters started to be mailed to the affected individuals on November 14, 2023. Individuals who had their Social Security numbers stolen have been offered complimentary credit monitoring and identity theft protection services.

Data Stolen in Ransomware Attack on Rock County, Wisconsin

Legal Counsel for Rock County in Wisconsin has issued notification letters about a cyberattack and data breach that affected 25,823 individuals. According to the notification letters, suspicious activity was detected within its computer systems on or around September 29, 2023. The forensic investigation confirmed that unauthorized individuals had access to its network between September 22, 2023, to September 30, 2023, and during that time, acquired certain files from its network.

A review of the affected files was initiated to determine the individuals affected and the types of data stolen in the attack. That review is ongoing, but it has been confirmed that the data impacted included names and Social Security numbers. Complimentary credit monitoring services have been offered to the affected individuals.

The nature of the attack was not disclosed, other than the attack involving data theft. The HIPAA Journal has confirmed that this was a ransomware attack by the Cuba ransomware group, which has listed Rock County on its data leak site. Victims are therefore strongly advised to take advantage of the credit monitoring services being offered.

The post Almost 440,000 Individuals Affected by Cyberattack on Proliance Surgeons appeared first on HIPAA Journal.