Maryland-based Chase Brexton Health Care reported that “a number of” its employees fell for a phishing scam between August 2, 2017 and August 3, 2017.
Employees received a “bogus” survey via email which, once completed, gave an unknown third party access to their email accounts. From there, the attacker logged into the email accounts and re-routed employee paychecks to an unknown bank account.
Chase Brexton discovered the issue on August 4, 2017, and access to the compromised accounts was terminated. The organization added that it does not believe the unauthorized individual looked at anything other than payroll information, but some emails in the accounts did contain patient information.
Patient names, patient ID numbers, dates of birth, addresses, provider names, diagnoses codes, line of services, service locations, visit descriptions, insurance, and medication information may have been included.
The OCR data breach reporting tool states that 16,562 individuals may have been impacted.
Chase Brexton said it changed passwords to the email accounts, installed new email filters, trained employees, and “added security protocols to stop this from happening in the future.”
Identity repair services will also be offered to potentially affected individuals out of an abundance of caution.
Possible unauthorized network access might have led to scam calls
Advanced Spine & Pain Center (ASPC) recently announced a summer security incident where patients received phone calls asking them to pay outstanding balances.
ASPC said it started to investigate the incident on July 31, 2017.
“Recent monitoring of the network did not identify any unauthorized users accessing its network,” ASPC said in an online statement. “Analysis of the server was inconclusive when trying to determine if any private information was accessed. Also, it could not be determined whether this incident was linked with the initial security incident involving telephone calls to a limited number of patients.”
Demographic information such as names, addresses, Social Security numbers, dates of birth, states, zip codes, telephone numbers, and gender may have been accessed. Medical records, labs, x-rays, and scheduling notes may also have been viewed. Additionally, the network included primary insurance, CPT codes, phone, ID numbers, and Group numbers.
Financial or payment information, such as credit card or bank account information, was not included.
The OCR data breach reporting tool lists 8,352 individuals as potentially being affected.
“A variety of security measures were in place before this incident, including network filtering and security monitoring, firewalls, antivirus software and password protection,” ASPC stated. “The practice also is taking appropriate measures to secure its network. Its investigation is ongoing, and patients will be notified of any significant developments at the practice’s website.”
Ransomware attack affects Missouri facility
Bridget P. Early, M.D., LLC d/b/a Namaste Health Care (Namaste Health Care) reported that a cybersecurity attack led to unauthorized file server access from August 12, 2017 to August 13, 2017.
Following the initial attack, a ransomware virus was launched onto the file server and encrypted data kept on that server since August 14, 2017.
Namaste Health Care discovered the issue on August 14, 2017 and disabled the unauthorized access and took the computer systems offline. It then started an investigation and began to eliminate and remediate the attack.
“We terminated any further remote access permissions pertaining to the system, and we then subsequently paid the cyber attacker’s ransom demand in order to obtain the decryption key and restore the encrypted data,” Namaste said, adding that it was able to restore the system and recover all data days after the attack.
Individuals who made an appointment with Namaste Health Care or visited the facility on or prior to August 14, 2017 may have been impacted.
The affected data may include names, addresses, dates of birth, Social Security numbers, medical record numbers, health insurance information, and information related to the visit/appointment purpose.
“Over and above our extensive investigation and response activities, we took steps to further evaluate and address any potentially-similar cyber security issues moving forward,” the organization said. “As a result, in addition to security measures that were already in place, Namaste has further upgraded the computer systems generally, including robust upgrades to firewalls and remote access technology.”
The OCR data breach reporting tool states that 1,617 individuals may have been impacted.
Unauthorized employee email access may affect 1.3K in GA
Atlanta, Georgia-based RiverMend Health announced that it identified suspicious emails being sent from an employee account on August 10, 2017. The unauthorized access reportedly began on or about July 27, 2017 and continued until August 11, 2017.
OCR reports that 1,300 individuals may have had their data affected.
There is no evidence that patient information was misused or targeted, but the organization encourages individuals to carefully monitor their accounts, explanations of benefits, and credit reports.
Patient names, addresses, ages or dates of birth, RiverMend facility referral source, services rendered, and diagnostic, demographic, insurance, and/or billing information might have been involved.
“RiverMend has been diligently working to determine the full nature and scope of this event, and have retained the services of a leading forensic investigation firm to assist with these efforts,” the organization stated. “RiverMend takes the security of information very seriously, and is taking steps to help ensure that a similar situation does not occur again.”