Nebraska Medicine Notifies 219,000 Patients About September 2020 Malware Attack

By | February 10, 2021

Nebraska Medicine has started notifying approximately 219,000 patients about a malware attack that allowed an unauthorized individual to view and obtain patient information.

Nebraska Medicine identified unusual activity in some of its systems on September 20, 2020. All affected devices were isolated to contain the breach and impacted systems were shut down to prevent any further unauthorized access. Independent computer forensics experts were engaged to conduct an investigation and determine the nature and scope of the security breach.

The investigation confirmed that an unauthorized individual first gained access to the network on August 27, 2020 and deployed malware. Between August 27 and September 20, that individual copied certain files, some of which contained patient information.

The files contained information about patients who received medical services at The Nebraska Medical Center or University of Nebraska Medical Center, as well as a limited number of patients who visited Faith Regional Health Services, Great Plains Health, or Mary Lanning Healthcare.

The protected health information obtained in the attack included one or more of the following data elements: Name, address, date of birth, medical record number, health insurance information, physician notes, laboratory results, imaging, diagnosis information, treatment information, and/or prescription information, and a limited number of Social Security numbers and driver’s license numbers.

Affected individuals were notified about the breach on February 5, 2021. Individuals whose Social Security or driver’s license number was compromised have been offered complimentary credit monitoring and identity theft protection services. Nebraska Medicine continues to monitor its IT environment for potential breaches and network monitoring tools have been enhanced.

Phishing Attack Affects 2,500 Hackley Community Care Patients

Hackley Community Care in Muskegon, MI is alerting approximately 2,5000 patients that some of their protected health information has been exposed and may have been viewed by unauthorized individuals.

In September 2020, a phishing email was sent to several staff members that contained a link to a malicious website. One employee clicked the link and entered their login credentials which were captured and used by the attacker to remotely access the employee’s email account between September 7 and September 24, 2020.

The investigation into the incident confirmed only one email account had been compromised and no evidence was found to indicate any emails in the account were opened. A review of the compromised email account was completed on December 18, 2020 and all individuals are now being notified if they have been affected.

For most of the affected individuals, the breach was limited to names and addresses. Individuals who had more sensitive data exposed have been offered complimentary credit monitoring services through TransUnion. Hackley Community Care is implementing additional security measures to prevent similar incidents in the future.

The post Nebraska Medicine Notifies 219,000 Patients About September 2020 Malware Attack appeared first on HIPAA Journal.