Mountain View Hospital, Idaho Falls Community Hospital, and several clinics in rural Idaho run by the same operator have been affected by a recent cyberattack. The decision was taken to temporarily close one of the clinics – Mountain View RediCare – while the attack is remediated.  All other clinics have remained open but are offering reduced services.

The cyberattack was detected on Memorial Day, and ambulances were diverted to other hospitals as a precaution. The diversion has remained in place through Wednesday and the facilities are still experiencing network issues due to the attack. The hospitals have remained open with staff manually recording patient information while the network is down. A spokesperson for Idaho Falls Community Hospital said patient safety has been the priority and work is continuing around the clock to restore access to computer systems and its systems are cleaned. At this stage, it is not possible to tell how long the recovery process will take and when systems will return to normal operation.

Details about the nature of the attack, such as if ransomware was used, have not been released at this stage, and it is too early to tell the extent to which patient information was involved. The hospital confirmed that the swift action of the IT department to contain the attack has limited the impact and has helped to keep patient data secure.

UI Community Home Care Suffers Ransomware Attack

UI Community Home Care, a subsidiary of the University of Iowa Health System, has recently reported a security incident to the HHS’ Office for Civil Rights that resulted in the exposure and possible theft of the protected health information of 67,897 patients.

The security breach was detected on March 23, 2023, when files were discovered to have been encrypted, preventing access. The forensic investigation confirmed there had been unauthorized access to files on its servers that started on or around March 23, 2023, and some of those files contained patient information. The electronic medical record system is separate from the affected servers and was not accessed in the attack.

The information potentially compromised varied from patient to patient and may have included name in combination with one or more of the following: date of birth, address, phone number, medical record number, referring physician, dates of service, health insurance information, billing and claims information, medical history information, and diagnosis/treatment information. At the time of issuing notifications, UI Community Home Care was unaware of any misuse of patient data. Security oversight efforts have been strengthened in response to the incident to prevent similar events from occurring in the future.

Grant Regional Health Center Notifies Patients About Email Account Compromise

Grant Regional Health Center in Lancaster, WI, has notified 4,135 patients about a breach of an employee email account. The notification letters do not state when the breach was detected but explain that the forensic investigation confirmed that the email account was subjected to unauthorized access between March 20, 2023, and March 24, 2023.

The review of the emails and attachments in the account was completed on May 9, 2023, and confirmed that patient names had been exposed along with one or more of the following data elements: date of birth, financial account information, medical information, health insurance information, Taxpayer ID number, and Social Security number. Grant Regional Health Center said no actual or attempted misuse of patient data has been detected. Email security has been enhanced to prevent similar breaches in the future.

The post Idaho Hospitals Divert Ambulances and Clinic Temporarily Closes Due to Cyberattack appeared first on HIPAA Journal.