Little Rock, AR-based Independent Case Management (ICM), a provider of home and community-based support for individuals with intellectual and developmental disabilities, has recently notified 3,307 individuals that some of their protected health information may have been stolen in a ransomware attack.
According to the notification letters, three servers were affected by the attack. The servers were encrypted on December 24, 2021, and a ransom note was dropped on the servers; however, the attack was not detected by ICM until June 15, 2022, as the servers were only used to store historical employee and customer data.
When the attack was detected, a third-party IT vendor was engaged to isolate the servers and perform security scans to ensure that access to the servers was blocked and no other systems or data were affected. The investigation confirmed that only 3 servers were affected, and they contained information such as names, addresses, dates of birth, Social Security numbers, health records, insurance plan and payment information, Medicaid numbers, and medical and health records. Some employee files were also stored on the servers. ICM said it was not possible to determine if specific personal information was accessed, removed, or misused.
ICM said steps have been taken to improve the privacy and security of personal information, including conducting regular security scans, implementing multifactor authentication, improving monitoring systems, and providing additional cybersecurity training to employees.
Conifer Health Solutions Discovers Email Account Breach
Conifer Health Solutions, a Frisco, TX-based provider of revenue cycle management and other administrative services to healthcare providers, has recently discovered that an unauthorized third-party gained access to a Microsoft Office 365 hosted business email account.
The breach was detected during an internal review, with the subsequent investigation determining the email account was compromised on January 20, 2022. The breach was confined to a single email account, which was separate from its internal network and systems. The review of the email account was conducted between June 13 and August 3 and determined it contained the protected health information of 2,787 individuals, including full names, dates of birth, addresses, Social Security numbers, financial account information, medical and treatment information, health insurance information, and billing and claims information.
Steps were immediately taken to prevent further unauthorized access and additional security measures have now been implemented, including multifactor authentication and enhanced monitoring of the email environment. Complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security numbers or financial account information was exposed.
The post Cyberattacks Reported by Independent Case Management & Conifer Health Solutions appeared first on HIPAA Journal.