Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. When the attack was detected, systems were secured, and a third-party computer forensics firm was engaged to investigate and determine the nature and scope of the breach. The investigation confirmed that its systems were first accessed by the attackers on August 12, 2021, almost 8 months before ransomware was used to encrypt files. Its systems were secured on April 4, 2022, with the investigation, review of affected files, and the verification of contact information lasting until the end of the year. Notifications were sent to affected individuals on January 3, 2023.
Maternal & Family Health Services said the compromised files included information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account/payment card information, usernames, passwords, medical information, and health insurance information. Complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security number or financial account/payment card information was involved. No evidence of misuse of patient data had been identified at the time of issuing notifications. Maternal & Family Health Services said it is strengthening security to prevent similar incidents in the future.
The incident has not yet appeared on the HHS’ Office for Civil Rights breach portal, so it is currently unclear have many individuals have been affected.
Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients
Retreat Behavioral Health, an operator of mental health and substance use treatment centers in Florida, Pennsylvania, and Connecticut, has confirmed that ransomware was used in a cyberattack that was detected and blocked on July 1, 2022.
Retreat Behavioral Health said the forensic investigation concluded on December 9, 2022, and notifications have now been sent to affected patients. The investigation indicates a data set within its network was accessed by the third party behind the attack, with the potentially compromised data including names, addresses, and Social Security numbers. A subset of individuals also had date of birth and/or treatment information exposed. Retreat Behavioral Health said no evidence of attempted or actual misuse of patient data has been identified but as a precaution, Single Bureau Credit Monitoring Services have been offered to patients at no cost. Retreat Behavioral Health has also implemented additional monitoring tools on its network and will continue to enhance system security.
The breach was recently reported to the Maine Attorney General as affecting 23,620 patients.
Employee Benefits Plan Data Exposed in L. Knife & Son Hacking Incident
The alcoholic beverage wholesaler, L. Knife & Son, Inc., has recently announced that an unauthorized third party gained access to its network and copied files containing sensitive data. The security breach was detected on November 1, 2022, with the forensic investigation confirming unauthorized access to files and data theft occurred between October 13, 2022, and October 19, 2022. The review of the affected files was completed on December 8, 2022.
The breach was reported to the Maine Attorney General as involving the data of 14,377 individuals, and the HHS’ Office for Civil Rights as involving the protected health information of 4,082 members of its Employee Benefits Plan. Affected individuals have been offered complimentary 2-year memberships to an identity theft protection service, and additional security measures have been implemented to prevent further breaches in the future.
The post Ransomware Attacks Announced by Maternal & Family Health Services and Retreat Behavioral Health appeared first on HIPAA Journal.