The Chicago, IL-based social justice and human rights organization, Heartland Alliance, announced on December 15, 2022, that it was the victim of a cyberattack. The security breach was discovered on January 26, 2022, and prompt action was taken to secure its systems to prevent further unauthorized access. A leading third-party cybersecurity firm was engaged to investigate the incident.
On April 27, 2022, Heartland Alliance confirmed that an unauthorized individual had gained access to its network and potentially accessed or obtained files containing sensitive personal information. A lengthy review process was then initiated to determine the extent of the data breach and to obtain up-to-date contact information for the affected individuals. That process was completed in December 2022.
Heartland Alliance has confirmed that the protected health information of individuals who sought health care or participated in other Heartland programs was potentially compromised, along with the personal information of employees, directors, and independent contractors. The data involved varied from individual to individual and may have included one or more of the following data types: names, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers, and medical/health information. Heartland Alliance said it is unaware of any actual or attempted misuse of that information.
Notification letters were sent to affected individuals on December 15, 2022, and a one-year membership to an identity and credit monitoring service has been offered. Heartland Alliance has also confirmed that it has upgraded its IT security systems to prevent similar security breaches in the future.
CentraState Medical Center Facing Ongoing Disruption Following Late December Cyberattack
CentraState Medical Center in Freehold, NJ, has been dealing with a cyberattack that occurred on or around December 30, 2022. The cyberattack was detected during a shift change around 7 am when computer systems started to malfunction. As a precaution, the medical center went on full diversion, with ambulances directed to alternative facilities while the cause of the IT system outage was investigated.
Tom Scott, President, and CEO of CentraState Medical Center, has confirmed that the disruption was due to a cyberattack that affected certain IT systems. Systems were promptly isolated to contain the attack and an investigation was launched to determine the nature and scope of the breach. Employees have been recording patient data manually while IT systems are out of action, and extra staff has been brought in to deal with the increased workload.
CentraState Medical Center issued an update on January 3, 2023, confirming that the usual high standards of patient care are being maintained, but some services at the medical center continue to be affected, including outpatient radiology, radiation treatment, mammography, labs, and catheterization lab services. Scheduled inpatient procedures are continuing as normal, but some outpatient appointments have been postponed or rescheduled.
No timescale has been provided on when systems will be fully restored, and no information has been disclosed on the exact nature of the attack. It is also unclear at this early stage of the investigation if, and to what extent, patient data was involved.
The post Cyberattacks Reported by Heartland Alliance and CentraState Medical Center appeared first on HIPAA Journal.