One Brooklyn Health System is currently dealing with a cyberattack that has caused disruption at its three hospitals – Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. Little information has been released about the attack so far, which is believed to have occurred on or just before November 19. That was the date when the health system shut down its network, which has remained offline for more than a week.
The New York Post reports that the cyberattack has prevented hospital staff from accessing the electronic medical record system, so patient information has been recorded using pen and paper while the hospitals operate under emergency procedures. The decision was taken to reroute ambulances to other facilities, although communication with other hospitals in the area appears to have been non-existent. The health system also reportedly failed to notify New York Fire Department ambulance services that emergency cases were to be sent to alternative facilities.
“We are aware of the incident, and we are working with One Brooklyn Hospital Network to ensure patient safety. As this is an ongoing investigation, we cannot comment further,” said New York Department of Health spokesman Jeffrey Hammond.
The hospital has engaged third-party experts to help investigate the nature and scope of the attack and to assist with bringing IT systems back online. Some systems are now back online and there is now limited access to its electronic medical record system and some other clinical applications. One Brooklyn Health issued a statement confirming that patient care has been unaffected by the security breach and while ambulances were rerouted, appointments have not had to be canceled. At this stage of the breach response, it is too early to tell if, and to what extent, patient information has been affected.
Mena Regional Health System Breach Affects Almost 85,000 Patients
Mena Regional Health System (MRHS) in Arkansas announced on November 22, 2022, that an unauthorized third party gained access to its network and exfiltrated files containing the protected health information of 84,814 patients.
MRHS did not explain in its substitute breach notice when hackers first gained access to its network but said the intrusion was discovered on November 8, 2022. The investigation revealed files were exfiltrated from its network more than a year previously, on or around October 30, 2021. MRHS provided no explanation as to why it took so long to discover the breach.
The review of the files confirmed they contained full names, dates of birth, Social Security numbers, driver’s license/government identification numbers, financial account information, medical record/patient account numbers, medical diagnosis/treatment information, medical provider names, lab results, prescription information, and health insurance information.
MRHS said it is unaware of any attempted or actual misuse of patient information and that “out of abundance of caution” notification letters are being sent to affected individuals. That process commenced on November 22, 2022. Individuals whose Social Security numbers were compromised have been offered complimentary credit monitoring services. Security processes are being reviewed and will be updated to enhance the privacy and security of patient information.
Patient Information Stolen in Dallam Hartley Counties Hospital District Cyberattack
Dallam Hartley Counties Hospital District in Texas has recently confirmed that it suffered a cyberattack in late September and that the third party behind the attack was able to obtain files that contained the protected health information of 69,835 patients. The incident was detected on September 28, 2022, with the investigation confirming its network was first accessed by unauthorized individuals the previous day, with access continuing until its systems were secured on September 28.
A review of the files exfiltrated from its system confirmed they contained patient names, Social Security numbers, health insurance information, demographic information, and limited medical information. Medical records remained secure and were not accessed during the incident. Credit monitoring and identity theft protection services have been offered to affected individuals and steps are being taken to enhance the security of its IT systems. Notification letters were sent to affected patients on November 23, 2022.
The post One Brooklyn Health Dealing with Ongoing Cyber Incident appeared first on HIPAA Journal.