EmergeOrtho, a North Carolina orthopedic practice, has recently notified 75,200 patients that some of their protected health information has been accessed by unauthorized individuals. According to EmergeOrtho’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on May 18, 2022. The forensic investigation confirmed that the threat actors behind the attack had accessed files containing patients’ protected health information.
A comprehensive review of all affected files confirmed on August 19, 2022, that they contained information such as first and last names, addresses, Social Security numbers, and, for certain individuals, date of birth. No medical records, treatment information, or financial information was compromised in the attack and no evidence has been identified that suggests any of the affected information has been specifically misused.
EmergeOrtho said leading IT specialists were engaged to confirm the security of its network environment, steps will continue to be taken to enhance the security of its systems, and additional monitoring tools have been deployed to proactively identify any future attempted intrusions. EmergeOrtho has offered affected individuals a complimentary membership to single bureau credit monitoring services.
General Health System Notifies Patients About Ransomware Attack and Data Theft
Baton Rouge, LA-based General Health System, which operates Baton Rouge General Medical Center, has recently confirmed that unauthorized individuals gained access to its network and exfiltrated files containing patient data. The forensic investigation confirmed that the attackers had access to its network and files within certain directories between June 24, 2022, to June 29, 2022. The cyberattack was detected on June 28, 2022.
General Health System said the investigation into the attack is ongoing and a comprehensive review is being conducted of all files within the directories that could have been accessed. At this stage, the extent to which patient data has been compromised has yet to be confirmed and it is currently unclear how many individuals have been affected. Notification letters will be sent once that process has been completed.
The attack has caused some disruption to operations, and while care continues to be provided to patients, ambulances have been directed to alternative facilities. General Health System did not provide details on the nature of the attack; however, the Hive ransomware group has claimed responsibility and has started to add some of the stolen data to its leak site, which suggests the ransom was not paid.
The post EmergeOrtho & General Health System Victims of Ransomware Attacks appeared first on HIPAA Journal.