- South Carolina-based Milestone Family Medicine, formerly with Bon Secours St. Francis Health System, recently began notifying patients that their data was potentially breached by an unauthorized individual.
Officials discovered a hacker gained access to some Milestone systems on January 4. Steps were taken to secure the systems, and officials launched an investigation with help from a third-party forensics team.
They determined patient information was potentially compromised including names, Social Security numbers, dates of birth, health insurance details, and other care-related data. A spokesperson told DataBreaches.net that the cyberattacks targeted the EHR system that allowed remote user access.
Those internet connections not actively used to support patient care have since been shut down to prevent a repeat attack.
400,000 Columbia Surgical Patient Records Breached
On February 18, Columbia Surgical Specialists of Spokane reported a breach to the Department of Health and Human Services, which impacted 400,000 patients.
Currently, there’s no public breach notice on the Columbia Surgical site, so not much is known as to the extent of the attack. The cyberattack is being reported as ransomware, which hit the specialist on January 7. The provider did not pay the ransom, and the encrypted files were restored from backups.
Wolverine Solutions Expands Breach Notifications
Wolverine Solutions Group was hit by a ransomware attack in September and has been steadily releasing breach notifications over the course of five months. Wolverine provides services for about 700 health companies, including about 1.2 million individuals in the country.
As a result, officials said it took a great deal of time to assess just what clients and data was impacted by the cyberattack; hence the rolling notifications. Blue Cross Blue Shield of Michigan was one of the first to be notified on November 8 that some of their policyholder data was compromised in the cyberattack.
And just this week, Three Rivers Health and Health Alliance Plan was added to the list of breached providers. About 8,000 Three Rivers patients were included, while Health Alliance saw about 120,000 patients records compromised in the attack.
Several more providers have since been added to the list of entities breached by the Wolverine ransomware attack. Michigan’s North Ottawa Community Health System began notifying 15,000 patients this week of the security incident.
Four other Michigan-based providers were also notified this week. Mary Free Bed Rehabilitation Hospital is notifying thousands of patients, while 45,000 Covenant Hospital patients were included. Sparrow Hospital data was also involved in the breach.
McClaren Health Care was the last Michigan provider include in this week’s breach notifications from Wolverine. McLaren was notified by Wolverine on December 10. Under HIPAA, providers have just 60 days to notify patients of a breach.