Patient Data Compromised in 5 Hacking Incidents, Ransomware Attacks, and Break-ins

November 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack

Colorado-based Salud Family Health, a Federally Qualified Health Center (FQHC), has recently provided an update on a September 2022 cyberattack and has confirmed that patient data was potentially stolen. Salud Family Health said the security breach was detected on September 5, 2022, and it has now confirmed that patient and employee data was accessed in the attack.

In the update, Salud Family Health did not confirm the extent to which data had been stolen but said the affected information may have included patient names, Social Security numbers, driver’s license numbers, Colorado identification card numbers, financial account information/credit card numbers, passport numbers, medical treatment and diagnosis information, health insurance information, biometric data, and usernames and passwords.

The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online. The threat actor claims to have stolen data that includes around 400,000 Social Security numbers, although this has not been verified.

Salud Family Health said affected employees and patients have been offered free credit monitoring and identity fraud protection services, and security policies and procedures are being reviewed and will be updated to protect against future cyberattacks.

New York-Presbyterian Hospital Discovers Breach Affecting up to 12,000 Patients

New York-Presbyterian Hospital has recently announced that unauthorized individuals gained access to one of its servers and attempted to download sensitive data. The security system detected the intrusion on September 8, 2022, and successfully blocked the attempted download.

The forensic investigation of the incident revealed the attacker had used a cloud-based, remote information technology customer support program to access the laptops of several of its workforce members, and certain desktop files had been downloaded from some of those devices. The patient portal was not accessed, but one of the laptops contained the protected health information of approximately 12,000 patients of NewYork-Presbyterian/Queens and NewYork-Presbyterian/Hudson Valley.

The protected health information potentially accessed and copied included first and last names, addresses, insurance authorizations, medical record numbers, and exam results. New York-Presbyterian Hospital said accounts used for the technical assistance program were immediately suspended and the service was terminated without further incident. Credit monitoring and identity theft protection services have been offered to all affected patients.

Forest Hill Pediatrics Reports EHR Vendor Data Breach

Bel Air North, MD-based Forest Hill Pediatrics has recently confirmed that the protected health information of up to 4,958 patients has potentially been compromised in a cyberattack on one of its vendors, Connexin Software, Inc., a provider of EHRs, practice management, and business analytics software to pediatric physician practice groups. The breach was detected by Connexin on August 26, 2022, and forensic experts were engaged to determine the nature and scope of the security breach.

On September 13, 2022, Connexin learned that an unauthorized third party had accessed an offline set of patient data used for data conversion and troubleshooting, and removed some of that data from its systems. The electronic record system was unaffected. The offline data included patient names, guarantor names, parent names, addresses, email addresses, birth dates, Social Security numbers, health insurance information, dates of service, locations, services requested/procedures performed, diagnoses, prescription information, physician names, medical record numbers, and billing and claims information.

Connexin has improved its security controls and enhanced system monitoring in response to the breach. Connexin has also offered complimentary child identity monitoring services for a period of one year to individuals who had their Social Security numbers exposed.

Alta Forest Products Health and Welfare Plan Member Data Potentially Stolen

Chehalis, WA-based Alta Forest Products has experienced a cyberattack in which the protected health information of up to 2,100 members of the Alta Forest Products Health and Welfare Plan was exposed. The security breach was detected on September 1, 2022, and prompt action was taken to secure its systems and prevent further unauthorized access.

The forensic investigation confirmed the attacker had access to files on its servers between August 17, 2022, and August 31, 2022, and during that time may have downloaded files containing the information of health and wellness plan members such as names, dates of birth, Social Security numbers, financial account numbers, and the employee health plan enrollment status for certain Alta employees and their dependents.

Notification letters were sent to affected individuals on October 31, 2022. Complimentary credit and identity monitoring services have been offered to affected individuals. Alta Forest Products has also enhanced the security of its computer systems and data.

Documents Containing PHI of Patients of Hilario Marilao, M.D., Stolen in Break-in

Riverside, CA-based pediatric cardiologist Hilario Marilao, M.D., has recently confirmed that documents containing the protected health information of patients were stolen in a break-in. The documents were stored in the basement of the offices in a locked storage cabinet. The theft was identified on September 6, 2022, following a minor flood, when account ledgers in the storage cabinet were determined to be missing. It is unclear when the ledgers were stolen.

The stolen ledgers contained patient names with a combination of the following types of information: address, phone number, Social Security number, health insurance information, child’s name, date of service, and child’s date of birth. Affected individuals visited Dr. Marilao between 2010 and 2011, had a last name starting with A through M, and either the parent or child was insured under a Medi-Cal or an HMO plan. Dr. Marilao said all files have now been moved into the offices upstairs, and new security cameras and alarms have been fitted. Credit monitoring services are being offered to affected individuals.

At present, it is unclear how many individuals have been affected.

The post Patient Data Compromised in 5 Hacking Incidents, Ransomware Attacks, and Break-ins appeared first on HIPAA Journal.