Latest Healthcare Data Breaches Impact Providers Across the Country

December 01, 2022 - As we close out 2022, threat actors are not slowing down their efforts to target healthcare organizations across the country. The most recent string of healthcare data breaches reported to HHS shows a pattern of unauthorized access and some data exfiltration.

Dallam Hartley Counties Hospital District Breach Impacts 70K

Dallam Hartley Counties Hospital District (DHCHD) in Dalhart, Texas suffered a breach that impacted 69,835 individuals. According to a notice on the organization’s website, DHCHD discovered that an unauthorized party gained access to its network in late September 2022 and was able to acquire some files.

The files contained patient names, health insurance information, demographic information, medical information, and Social Security numbers.

“To help prevent something like this from happening again, DHCHD is enhancing the security of its systems,” the notice stated.

“DHCHD values the trust of its community and regrets any concern this incident may cause.”

85K Impacted by 2021 Breach at Mena Regional Health System

Arkansas-based Mena Regional Health System (MRHS) notified 84,814 individuals that an unauthorized party removed a limited number of files from its system in October 2021. MRHS did not discover the incident until November 2022.

The files contained names, Social Security numbers, driver’s license numbers, bates of birth, medical record and patient account numbers, treatment information, lab results, prescription information, financial account information, and health insurance information.

“MRHS is not aware of any reports of identity fraud or improper use of personal information as a direct result of this incident,” the health system stated.

MA Addiction Treatment Center Suffers Breach

Stanley Street Treatment and Resources (SSTAR), an addiction treatment center in Fall River, Massachusetts, notified 45,785 individuals of a breach that occurred in October 2021.

SSTAR discovered in September 2022 that an unauthorized party had removed some files from its system containing personal information. The files contained names, government ID numbers, Social Security numbers, financial account information, dates of service, dates of birth, medical information, and health insurance information.

SSTAR said it was unaware of any reports of identity theft or fraud as a result of the incident.

“SSTAR is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it. SSTAR continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains,” the notice stated.

FL Fire Protection Service Suffers Ransomware Attack, Health Information Impacted

South Walton Fire District (SWFD) in Florida suffered a ransomware attack in May 2022 that impacted 25,331 individuals. SWFD provides fire protection and emergency medical services.

On May 30, SWFD learned that an unauthorized party had temporarily gained access to its computer network. The attack impacted certain archived patient information, including names, Social Security numbers, treatment dates, birth dates, addresses, treatment information, and health insurance information.

SWFD began notifying impacted individuals of the ransomware attack on November 21. SWFD said that it was able to secure its digital environment and did not pay a ransom.

“The privacy and protection of personal and protected health information is a top priority for SWFD. Protecting patient information at all costs is a critical operational piece to SWFD’s role as a care provider,” the notice concluded.