Neurology Center of Nevada Cyberattack Impacts 11,700 Patients
The Neurology Center of Nevada (NCNV), in Henderson, NV, has confirmed a data security event was detected on July 17, 2022, which rendered certain computer systems inaccessible. Prompt action was taken to secure its systems and an investigation was launched to determine the nature and scope of the security breach, with assistance provided by third-party cybersecurity experts. The investigation confirmed that the threat actors behind the attack had access to its systems for more than a month between June 12, 2022, and July 17, 2022, and during that time, files on its systems were subjected to unauthorized access.
The compromised files contained full names, addresses, dates of birth, gender, driver’s license numbers, Social Security numbers, health insurance information, and medical information, such as diagnosis/treatment information, lab results, and medications. Affected individuals have been notified by mail and advised to monitor their accounts, credit reports, and explanation of benefits statements for unusual activity. NCNV said additional administrative and technical safeguards have been implemented to protect against future security breaches.
The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 11,700 patients.
Northern California Fertility Medical Center Notifies Patients About Attempted Ransomware Attack
Sacramento, CA-based Northern California Fertility Medical Center (NCFMC) has recently announced that it detected and stopped an attempted ransomware attack on its network. The attack was detected on July 24, 2022, and immediate action was taken to contain the attack, secure its systems, and eject the threat actors from its network. A third-party cybersecurity company was engaged to assist with the investigation and incident response and determine the extent and scope of the breach.
NCFMC said no evidence was found to indicate there had been any misuse of patient data, but during the time of unauthorized access to its systems, some sensitive data was exposed, including names and the statuses of ultrasounds performed at NCFMC, and/or cryopreserved tissue stored at NCFMC. No Social Security numbers or financial information were stored on the systems accessed in the attack.
NCFMC said it has altered its tools, policies, and procedures relating to the security of its systems and servers. Complimentary credit monitoring and identity theft protection services have been offered to affected individuals through CyberScout.
It is currently unclear how many individuals have been affected by the incident.
2,000-Record Data Breach Reported by The Coeur Group
Cynthia Paul, M.D., LLC, a psychiatrist doing business as The Coeur Group, in Omaha, NE, has notified 2,020 patients that some of their protected health information has potentially been accessed by an unauthorized individual who gained access to an employee’s email account. The unauthorized access was detected on July 26, 2022, with the investigation confirming the breach occurred between June 7, 2022, and July 12, 2022.
A comprehensive review of the affected email account confirmed it contained patient information such as names, addresses, dates of birth, and other demographic information, health insurance information, and limited clinical information, such as provider names, diagnoses/conditions, and medication information. A limited number of individuals also had their Social Security numbers and credit card information exposed.
In response to the breach, new authentication requirements have been implemented, including multifactor authentication, network procedures have been strengthened, firewalls have been enhanced, and additional alerts have been set up to warn about potential unauthorized access. Affected individuals have been offered a one-year membership to a credit monitoring service.
The post Data Breaches Reported by Neurology and Fertility Centers in Nevada and California appeared first on HIPAA Journal.