The City of Philadelphia is investigating a breach of its email environment. Suspicious activity was detected in its email environment on May 24, 2023; however, according to a recent announcement, unauthorized activity continued for a further two months after the breach was first identified. The forensic investigation confirmed there was continued unauthorized access to email accounts until July 28, 2023.

Almost a month after the breach was contained, city officials confirmed that some of the compromised email accounts contained personal and protected health information. While the investigation is ongoing and a manual and programmatic review of the email accounts has not yet concluded, affected individuals are known to have had a combination of the following information exposed: names, addresses, dates of birth, other demographic and contact information, Social Security numbers, medical information such as diagnoses and treatment information, and limited financial information, such as claims information.

City officials said they will issue notifications to the affected individuals when the email account reviews have been completed. At this stage, it is unclear how many individuals have been affected and no explanation has been given as to why it took two months to contain the incident and almost 5 months from initial discovery to disclose the breach.

ALPHV Ransomware Group Claims Responsibility for Morrison Community Hospital Cyberattack

Morrison Community Hospital (MCH) in Illinois has announced it experienced a network security incident on September 24, 2023, and confirmed there has been unauthorized access to its network. A third-party cybersecurity firm has been engaged to assist with securing its network and help with the investigation to determine the extent of the unauthorized activity. The breach appears to only involve Explanation of Benefits statements.

According to an October 19, 2023, notice on its website, “MCH has no reason to believe that any individual’s information has been misused as a result of this event,”  and that it is providing written notice to the affected individuals. The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal, so it is unclear how many people have been affected. MCH said it has reviewed and enhanced its technical safeguards to prevent similar incidents in the future.

MCH did not disclose details about the nature of the attack; however, the ALPHV ransomware group has claimed responsibility and has added MCH to its data leak site. Samples of the stolen data were uploaded to the group’s data leak site on October 19, 2023, and the group has threatened to leak 5 terabytes of stolen data if the hospital does not comply with its demands.

Data Extortion Group Steals Data from Beverley Hills Plastic Surgery Practice

The Beverly Hills, CA-based plastic surgeon, Jaime S. Schwartz, M.D., appears to have fallen victim to a cyberattack. The Hunters International ransomware and data extortion group has added the plastic surgeon to its data leak site along with samples of photographs of four named patients.

The threat group claims to have exfiltrated 1.1 terabytes of data – 248,245 files – and said it is preparing to bulk email patients. There is currently no mention of a cyberattack or data breach on the plastic surgeon’s website and a breach has yet to appear on the websites of the California Attorney General and the HHS’ Office for Civil Rights.

The Federal Bureau of Investigation (FBI) recently issued a security alert warning that plastic surgery offices were being targeted by ransomware and data extortion groups. The first phase of attacks involves data theft, the stolen data is enhanced using open source information, and the final phase involves threats to leak data and attempted extortion of plastic surgeons and patients.

The post City of Philadelphia Says PHI Potentially Compromised in May 2023 Email Breach appeared first on HIPAA Journal.