Methodist McKinny Hospital in Texas has recently announced that its systems have been accessed by unauthorized individuals who removed files containing sensitive data from its systems. The security incident was detected on July 5, 2022, and a third-party cybersecurity firm was engaged to investigate the nature and scope of the incident. The investigation confirmed that the attackers had access to its systems between May 20, 2022, and July 7, 2022, and during that time, files were exfiltrated that contained patient data. The preliminary investigation has confirmed that the files contained names, addresses, Social Security numbers, birth dates, medical history information, medical diagnosis information, treatment information, medical record numbers, and health insurance information.
The investigation into the security breach is ongoing and a detailed review of all affected files has been initiated to determine the patients affected. The breach is known to have affected patients of Methodist McKinney Hospital, Methodist Allen Surgical Center, and Methodist Craig Ranch Surgical Center. Notifications will be sent to affected individuals in due course. It is currently unclear how many individuals have been affected.
Methodist McKinny Hospital did not disclose the nature of the attack in the substitute breach notification, but this appears to have been a ransomware attack. The Karakurt ransomware gang has listed Methodist McKinny Hospital on its data leak site as a pre-release and claims to have exfiltrated 367 GB of data in the attack.
Columbia River Mental Health Services Reports Breach of Employee Email Accounts
Columbia River Mental Health Services has recently notified the HHS’ Office for Civil Rights about a security incident involving certain employee email accounts. According to the breach notice, suspicious activity was detected in certain email accounts, and third-party forensics experts were engaged to investigate the breach. The investigation confirmed that the email accounts were accessed by unauthorized individuals between May 14, 2021, and April 8, 2022.
A review was conducted of the affected accounts, which confirmed on July 6, 2022, that they contained patients’ protected health information. The review of the information in the accounts is ongoing and notification letters will be sent to affected individuals when the review is completed. The breach has been reported to the HHS’ Office for Civil Rights as affecting ‘501’ individuals to meet the deadline for reporting the incident. The breach total will be updated when the number of affected individuals is confirmed.
The post PHI Exposed in Cyberattacks on Methodist McKinny Hospital and Columbia River Mental Health Services appeared first on HIPAA Journal.