OSHA Issues Final Rule Requiring Employers in High-Hazard Industries to Submit Annual Injury and Illness Data

On July 17, 2023, the Occupational Safety and Health Administration (OSHA) issued a final rule that requires employers in certain high-hazard industries to electronically submit data from their Log of Work-Related Injuries and Illnesses (Form 300) and Injury and Illness Incident Report (Form 301). The requirement for electronic submission of information from Form 300A – Summary of Work-Related Injuries and Illnesses – has been retained in the final rule and will continue to be required from organizations with 20-249 employees in certain high-hazard industries and organizations with 250 or more employees in industries that are required to routinely keep OSHA injury and illness records. The new requirements apply to establishments covered by federal OSHA as well as those covered by states with their own occupational safety and health programs.

High-hazard industries include ambulatory health care services; general medical and surgical hospitals; psychiatric and substance abuse hospitals; specialty hospitals; nursing care facilities; residential intellectual and developmental disability, mental health, and substance abuse facilities; continuing care retirement communities and assisted living facilities for the elderly; and other residential care facilities.

From January 1, 2024, employers with 100 or more employees in high-hazard industries must submit work-related injury and illness data and their injury and illness report once a year. OSHA has confirmed that it will not collect the following from Forms 300 and 301: employee names or addresses, names of health care professionals, or the names and addresses of facilities where treatment was provided if treatment was provided away from the work site.

OSHA will start publishing data from these submissions on its website to allow employers, employees, current and potential customers, researchers, and the general public to find out about an organization’s record of safety and health in the workplace to help them make informed decisions about employment and whether to do business with those organizations. The publication of safety and health information is expected to help reduce injuries and illnesses in the workplace.

The post OSHA Issues Final Rule Requiring Employers in High-Hazard Industries to Submit Annual Injury and Illness Data appeared first on HIPAA Journal.

168,000 Patients Have PHI Exposed in Phishing Attack on Henry Ford Health

Detroit, MI-based Henry Ford Health has recently notified 168,000 patients that an unauthorized individual gained access to employee email accounts that contained some of their protected health information. A spokesperson for Henry Ford Health said the unauthorized access occurred on March 30, 2023, after employees responded to phishing emails. The attack was discovered quickly and the accounts were secured; however, access to patient data was possible. A review of the email accounts confirmed on May 16, 2023, that they contained the following patient information: name, date of birth, age, gender, telephone number, medical record number/internal tracking number, lab results, procedure type, diagnosis, and date(s) of service. Henry Ford Health is implementing additional security measures to protect against future email account breaches, and additional training has been provided to employees.

IMX Medical Management Services Announces 2022 Malware Incident

The Malvern, PA-based medical consulting company, IMX Medical Management Services, has recently confirmed that malware was found on a laptop computer that potentially allowed unauthorized individuals to access the protected health information of 7,594 individuals. According to the notification letters, the malware was detected on September 1, 2022, and the forensic investigation revealed the malware had been present since as early as June 2022. Additional malware indicators were also found on its network in October 2022.

IMX said the malware has been removed and no further indicators of malware have been detected since October 2022. The delay in issuing notifications was due to the “extensive and complex analysis of the affected data.” IMX said the malware provided access to the bodies of email messages but attachments were not exfiltrated. The compromised information included names or other personal identifiers along with driver’s license numbers and other ID cards. Identity theft protection services have been offered to affected individuals.

Storage Unit Purchased at Auction Contained Dozens of Boxes of Patient Files

A storage unit that contained more than 200 boxes of patient files was recently sold at auction. The unit went up for sale when the rental payments stopped. The purchaser submitted a blind bid for the unit and discovered the boxes of patient files after purchasing it. The records related to patients of East Houston Medicine and Pediatric Center who received treatment between 2009 and 2019. The files included information such as names, Social Security numbers, driver’s license images, medical histories, and insurance information. The purchaser is currently trying to arrange for the files to be collected.

PHI Exposed in Charles George VA Medical Center Mismailing Incident

Charles George VA Medical Center in Asheville, NC, has confirmed that the personal information of 1,541 veterans has been exposed in an email mismailing incident. The data exposure was detected on May 12, 2023, and immediate steps were taken to delete the emails that had not been opened; however, the messages were opened by three veterans. The emails included an attachment that contained limited protected health information. Affected individuals have been offered complimentary credit monitoring and identity theft protection services.


Pension Benefit Information Confirms PHI of 371,359 Individuals Stolen in MOVEit Transfer Hack

Pension Benefit Information, LLC, doing business as PBI Research Services (PBI), has recently confirmed that the protected health information of 371,359 individuals was obtained by the Clop ransomware hackers in an attack that exploited a zero-day vulnerability in the MOVEit Transfer file transfer solution on or around May 31, 2023.

PBI said the breach was discovered on June 2, 2023, and the patch to fix the flaw was applied the same day. The forensic investigation confirmed that one of PBI’s MOVEit Transfer servers was accessed by the Clop hackers on May 29 and May 30, 2023. The files stolen in the attack included names, partial mailing addresses, dates of birth, and Social Security numbers. PBI said it is unaware of any actual or attempted misuse of the stolen information; however, as a precaution, affected individuals have been offered two years of complimentary credit monitoring and identity theft protection services. Notifications started to be sent to the affected individuals on June 4, 2023.

LockBit Ransomware Group Announces Attack on Panorama Eyecare

The LockBit ransomware group has recently added Panorama Eyecare to its data leak site and claims to have exfiltrated 798 GB of data from the Colorado-based physician management organization, including data from its clients Eye Center of Northern Colorado, Denver Eye Surgeons, Cheyenne Eye Clinic & Surgery Center, and 2020 Vision Center. Panorama Eyecare has yet to publicly confirm the data breach and it is currently unclear to what extent patient data was involved.

8Base Ransomware Group Adds Kansas Medical Center to its Data Leak Site

Kansas Medical Center, a physician-owned hospital in Andover, KS, has recently been added to the data leak site of the 8Base ransomware group. The threat group claims the attack occurred on June 18, 2023, and that sensitive patient and employee data was stolen, including names, addresses, registration information, and other information. Kansas Medical Center has not publicly announced the attack and it is unclear how many patients have been affected.
