PHI Compromised in 4 Recent Ransomware and Malware Attacks

February 15, 2023

Teijin Automotive Technologies Says Welfare Plan Data Compromised in December Ransomware Attack

Teijin Automotive Technologies has recently confirmed the protected health information of 25,464 members of its welfare plan has potentially been accessed and stolen in a December 1, 2022, ransomware attack. Teijin Automotive Technologies has been transparent about the attack and its cause, confirming that its security systems were circumvented in a phishing attack. An employee clicked on a link in a phishing email on November 30, which allowed the threat actor to steal credentials, compromise the company’s servers, and deploy ransomware the following day. The attack was contained by December 5, 2022.

The IT team took prompt action to prevent any further unauthorized access, and law enforcement and the FBI were immediately notified and assisted with the investigation. The review of the compromised servers revealed they contained information related to the company’s welfare plan such as names, addresses, birth dates, Social Security numbers, health insurance policy information, and, in a limited number of cases, banking information. Teijin Automotive Technologies said medical information was not believed to have been stored on the affected servers.

“The security and confidentiality of personal employee information and the business information of our customers is critical to Teijin Automotive Technologies,” said CEO Chris Twining. “We are sorry this incident occurred and apologize to our employees, customers, and affected individuals. We have taken additional steps to strengthen the security of our data, including enhancing our security procedures, investing in new technology, and requiring additional training for our employees.” Affected individuals have been notified and credit monitoring services have been offered.

Arizona Health Advantage Reports Malware Attack

Arizona Health Advantage, a Chandler, AZ-based healthcare provider that does business as Arizona Priority Care and AZPC Clinics, LLC, has recently announced that malware has been detected on its network which prevented access to some of its servers and allowed unauthorized individuals to access and exfiltrate patient and health plan member data.

The security incident was detected on December 5, 2022, when employees were prevented from accessing files on some of its servers. A third-party computer forensics company was engaged to investigate the breach and determined the attack occurred between December 1 and December 2, during which time files were exfiltrated that contained the data of patients and members of the following health plans: Alignment Health Plan of Arizona, Inc., Alignment Health Insurance Company of Arizona, Inc., Blue Cross Blue Shield of Arizona, Health Net of Arizona, Inc. (Centene), and WellCare Health Plans of Arizona, Inc. (Centene).

The types of data involved varied from person to person and may have included name, date of birth, address, treatment dates, treatment information, service authorization numbers, health plan member number, and other personal information. Affected individuals have been notified and offered a one-year membership to a credit monitoring service. Additional security protections and protocols have now been implemented to protect against attacks in the future. According to the HHS’ Office for Civil Rights, the protected health information of 10,978 individuals was potentially compromised.

Garrison Women’s Health Says Malware Allowed Access to Patient Data

Dover, NH-based Garrison Women’s Health, a division of Wentworth-Douglass Hospital, has recently announced that the protected health information of 4,158 patients was potentially stolen in a cyberattack on one of its business associates, Global Network Systems.

Global Network Systems, a provider of technology services, detected the attack on December 12, 2022, which caused a network outage that rendered its systems unavailable. The investigation confirmed that an unauthorized third party had access to Global’s systems for 8 months, with the initial access determined to have occurred on April 29, 2022.

Garrison Women’s Health said the attack corrupted information in its electronic health records, which were hosted by Global, and that information has not been recovered. The corrupted data related to patients who received healthcare services between April 29, 2022, and December 12, 2022, and included medical and treatment information, coding, claims data, insurance information, payment information, physician notes, and scheduling information.

Garrison Women’s Health said it was unable to restore the corrupted data from backups. It was possible to restore access to the information contained in specific radiology and ultrasound applications and, after investigating other potential backup sources, it was able to restore its electronic medical record system and recover data prior to April 28, 2022.

While the incident was not reported as a ransomware attack, it has the hallmarks of a ransomware attack. Garrison Women’s Health said it does not believe there has been any misuse of patient data, although affected individuals have been advised to monitor their accounts and Explanation of Benefits statements for unauthorized activity.

While data loss was confirmed, Garrison Women’s Health said some of the lost information may have been duplicated and may be maintained by a patient’s primary care physician, hospital, or other providers, or could have been received by a patient’s health plan.

Malware Attack on Intelligent Business Solutions Exposed Riverside Health System Data

Intelligent Business Solutions (IBS) has recently started sending notifications to cardio-thoracic patients of Riverside Health System to inform them that some of their personal and protected health information has potentially been accessed or stolen. A security breach was detected on or around November 14, 2022, when suspicious activity was identified within the IBS network. The forensic investigation identified the presence of malware, which was used to encrypt files on certain servers and systems. The breach lasted from November 10, 2022, to November 15, 2022.

The review of the affected files confirmed they contained the following data types: name, Social Security number, date of birth, health insurance information, medical treatment information, and procedure information. While data theft may have occurred, IBS said it is unaware of any actual or attempted misuse of the impacted data. IBS said it had extensive policies, procedures, and cybersecurity protections in place, but they were unable to prevent the attack. Those cybersecurity measures are being reviewed and will be updated, as appropriate, to reduce the likelihood of further attacks. Affected individuals have been offered complimentary memberships to credit monitoring and identity theft protection services for 24 months.

The post PHI Compromised in 4 Recent Ransomware and Malware Attacks appeared first on HIPAA Journal.