Family Christian Health Center (FCHC) in Illinois has announced it was the victim of a ransomware attack in November 2021 that compromised the protected health information of 31,000 patients. The attack was detected on November 30, 2021, with the investigation indicating the attackers first gained access to its IT systems on or around November 18, 2021.
The attackers compromised FCHC’s old dental system which contained the PHI of patients who had received dental services prior to August 31, 2020. The system contained patients’ names, birth dates, insurance card numbers, driver’s license numbers, and copies of patients’ insurance cards and driver’s licenses. FCHC said information about the dental care provided, credit card numbers, and the Social Security numbers of affected dental patients were not affected. The PHI of non-dental patients who received healthcare services between December 5, 2016, and August 31, 2020, was also compromised and included names, birthdates, addresses, insurance identification numbers, and Social Security numbers.
FCHC worked with external IT vendors to investigate the breach and a forensic investigator was engaged to determine how the attackers gained access to the network and to recommend additional security measures to prevent further attacks. FCHC said it has implemented additional technical safeguards.
Patient Data Potentially Compromised in Jackson County Hospital Ransomware Attack
Jackson County Hospital in Florida recently announced certain systems within its network have been accessed by unauthorized individuals who potentially viewed or obtained the personal and medical information of certain patients. The security breach was detected on or around January 9, 2022, when certain systems were rendered inaccessible.
Third-party forensic specialists investigated the cyberattack and determined limited patient data had been exfiltrated from its systems, including names, addresses, birthdates, telephone numbers, Social Security numbers, medical histories, medical conditions/treatment information, medical record numbers, diagnosis codes, patient account numbers, Medicare/Medicaid numbers, financial account information, and usernames/passwords. At this stage, Jackson County Hospital has not found any evidence to suggest there has been any misuse of patient data but affected patients have been advised to be vigilant and to check their account statements and explanation of benefits statements for signs of fraudulent activity.
Jackson County Hospital said the investigation into the cyberattack is ongoing and steps are being taken to improve security. Current policies and procedures are being reviewed and additional administrative and technical safeguards will be implemented to further secure the information in its systems.
The cyberattack has been reported to the HHS’ Office for Civil Rights but it is not yet showing on the breach portal, so it is currently unclear how many patients have been affected.
The post Patient Data Compromised in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital appeared first on HIPAA Journal.