PHI Potentially Compromised in Ransomware Attacks at MD, TX, and FL Healthcare Providers

November 28, 2022

Woodlawn, MD-based Hope Health Systems Inc. (HHS) has recently announced that it was the victim of a ransomware attack. The attack was detected on June 20, 2022, and third-party forensics experts were engaged to investigate the incident and determine the scope of the attack.

The investigation revealed an unauthorized third party first accessed its systems on June 10, 2022, several days prior to using ransomware to encrypt files. While evidence of data theft was not identified, on or around August 24, 2022, the forensic investigation concluded that data theft was a possibility. It took until October 18, 2022, to review all files on the compromised part of the network to determine who had been affected.

HHS says the protected health information of up to 9,972 patients was stored on the compromised systems, and included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and medical information. HHS said it is evaluating its existing cybersecurity policies, procedures, and processes, to determine where improvements can be made to prevent similar incidents in the future. Notifications were sent to affected individuals on November 21, 2022.

Ransomware Attack Affects Patients of Disability Services of the Southwest

The Texas-based home healthcare provider, Disability Services of the Southwest, has recently confirmed that unauthorized individuals gained access to its employment and training website and potentially obtained client information.

The website was operated by vendor Intermap Holdings. Unauthorized individuals gained access to the platform provider’s system on September 28, 2022, and used ransomware to encrypt files. Intermap Holdings was able to contain and block the attack on the same day; however, sensitive data may have been viewed or obtained during that short window of opportunity, although no evidence of unauthorized access or data theft was identified.

Affected individuals had either submitted an employment application, in which case their name, phone number, email address, and details of the job and location they were applying for may have been accessed, or were current or past employees, whose information, such as name, address, phone number, employee ID, and training history, may also have been compromised. No financial information or Social Security numbers were affected as they were stored on a separate system.

Disability Services of the Southwest said the platform provider has removed the malware and is actively monitoring its platform for signs of intrusion. The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Oceansview Optical Ransomware Attack Affects 2,000 Patients

Oceansview Optical in Sebastian, FL, has recently announced that part of its database was encrypted in a ransomware attack. The attack was detected on October 8, 2022, when its office software was shut down. The investigation revealed parts of its database had been encrypted using Venus ransomware, and two external hard drives and the backup server were corrupted. Paper charts had to be used for 9 days while systems were rebuilt.

The ransom was not paid, and without access to backups, it was not possible to restore the encrypted parts of the database from July 2021 to October 8, 2022. A copy of the encrypted database has been retained and it is hoped it can be recovered at some point in the future when a decryptor is made available for Venus ransomware.

In a detailed and honest breach notification, Jennifer L Loar OD said the intention of this attack appeared to be to corrupt data to prevent access, so data exfiltration is unlikely; however, the exfiltration of data could not be ruled out. The types of information potentially compromised included names, nicknames, addresses, phone numbers, email addresses, birth dates, ethnicity, preferred language, insurance information, diagnoses, medications, medication allergies, reports, and eyeglass and contact orders.

The attack has been reported to all appropriate authorities, including the HHS, CISA, and the FBI. New anti-ransomware software has been deployed along with new backup infrastructure, which the FBI has verified as providing very good security.

PHI Potentially Compromised in Cyberattack on The Stern Cardiovascular Foundation

The Stern Cardiovascular Foundation (SCF) has recently announced that it experienced a data security incident on September 6, 2022, that caused disruption to certain parts of its computer network. The Germantown, TN-based healthcare provider said it aggressively responded to the incident and engaged third-party technical experts to assist with the breach response and help mitigate and investigate the attack.

It was possible to quickly restore access to all computer systems and the attack did not disrupt patient services. On September 13, 2022, SCF learned that the individuals behind the attack first gained access to its systems on September 4, 2022, and had access to the network until September 6. During that time, they may have viewed and/or exfiltrated data, including the personal and health data of patients and other individuals associated with SCF.

The investigation into the attack is ongoing, but there are no indications that the electronic medical record system has been accessed. At this stage, it has yet to be confirmed how many individuals have been affected or the exact types of information that may have been compromised. The breach has been reported to the HHS’ Office for Civil Rights as affecting 501 individuals – a placeholder until the full extent of the data breach is confirmed. SCF said it has been working with external cybersecurity experts to remediate the attack and harden its defenses.

University Medical Center of Southern Nevada Alerts Patients About Insider Data Breach

University Medical Center (UMC) of Southern Nevada has recently written to 1,861 patients to advise them that a former employee accessed their medical records when there was no legitimate work reason for doing so. UMC identified the HIPAA breach during a September 2022 review of medical record access.

The investigation confirmed that the employee had accessed patient records on the electronic medical record system between May 19, 2021, and September 22, 2022. The records contained demographic, insurance, and clinical information. UMC said the individual is no longer employed by UMC and no evidence was found to indicate any information has been copied, misused, or further disclosed. Policies have since been updated to prevent similar incidents in the future and further training has been provided to the workforce.

PrimeCare Medical Affected by CorrectCare Integrated Health Breach

Pennsylvania-based PrimeCare Medical, a provider of healthcare services to inmates of correctional facilities, has confirmed that some of the patients it serves have been affected by a breach at its third-party administrator, CorrectCare Integrated Health. A misconfiguration of a web server resulted in two file directories being exposed to the public Internet, which contained patient data such as full names, birth dates, Social Security numbers, DOC IDs, and limited health information, such as a diagnosis and CPT codes.

The exposed files were discovered on July 6, 2022, and were secured within 9 hours. They had been exposed from as early as January 2022 and may have been accessed by unauthorized individuals during that time. Third-party experts have been helping CorrectCare improve the security of its systems to better protect client information.

PrimeCare Medical says the protected health information of 22,254 individuals was exposed. Those individuals received healthcare services between July 1, 2018, and July 7, 2022.

The post PHI Potentially Compromised in Ransomware Attacks at MD, TX, and FL Healthcare Providers appeared first on HIPAA Journal.