Healthcare Information Security

Latest Health Data Breaches News

New WannaCry Malware Strain Affects FirstHealth Computer Network

Recent cases of possible healthcare data breaches include a malware attack, a phishing scam, and a network facing downtime.

new wannacry malware strain affects NC facility

Source: Thinkstock

By Elizabeth Snell

FirstHealth of the Carolinas announced on its website that a new version of the WannaCry malware strain forced the organization to shut down its information system network.

A statement posted on October 20, 2017 said that FirstHealth’s computer network was shut down on October 17, 2017, and is working to ensure that all systems and devices are tested and then cleared of any threat.

“FirstHealth has more than 4,000 devices and more than 100 physical locations connected to its network, and each are being thoroughly checked to ensure there is no virus risk,” the organization said. “As a result of the quick response by the Information System security team, the virus did not reach any patient information, operational information or databases. Patient information has not been compromised.”  

An anti-virus patch was developed for the virus specifically and is being implemented throughout FirstHealth’s system. Other organizations will also be able to access the anti-virus software.

FirstHealth stressed that the incident was not related to its Epic EHR system, and said that FirstHealth MyChart is still accessible but the data has not been updated since the downtime.

READ MORE: 16K Patients Notified Following Phishing Scam in MD Facility

“We are experiencing some delays and appointment cancellations as a result of the downtime event,” FirstHealth said. “This does not apply to critical and emergent needs.”

A FirstHealth Facebook post dated October 24, 2017 said that the organization “is still operating under standard downtime procedures. The network will be fully restored once we validate that all systems and devices have been tested and cleared of any threat.”

FirstHealth did not specify how many individuals were possibly affected, and as of publication OCR did not have an incident listed.

Briggs & Stratton malware attack could impact 12K employees

Briggs & Stratton Corporation (Briggs) recently announced that it experienced a malware attack that may have involved information of employees, former employees, and dependents or insurance beneficiaries of those individuals.

Briggs’ computer systems at its Milwaukee, Wisconsin and Munnsville, New York locations were possibly compromised from approximately July 25, 2017 to July 28, 2017. The organization said it became aware of the incident on July 25, 2017 and immediately began to work on containing the incident and investigating what happened.

READ MORE: Kromtech Security Discovers Health Data Breach of 150K Patients

“Due to the ongoing investigation, law enforcement requested that we delay notifying you of this incident until now,” Briggs said in its notification letter. “In response to this incident, Briggs also hired forensic consultants to eradicate the malware, determine if any information was compromised, and help Briggs prevent an incident like this from happening in the future.”

Briggs added that affected individuals will be provided with free identity restoration services for one year, and may also choose to enroll in daily credit bureau monitoring.

Depending on an individual’s relationship with Briggs, different personal information may have been involved.

For example, a current Briggs employee located in Milwaukee, Wisconsin or Munnsville, New York who participates in a health plan offered by the company may have had the following information accessed, used, and/or disclosed:

  • Name
  • Social Security number
  • Address
  • Dates related to them, such as date of birth
  • Telephone number
  • Driver’s license number
  • State identification number
  • Employee ID
  • Individual taxpayer identification number
  • Medical information and health insurance information, including health plan beneficiary number
  • Passport number
  • Work related evaluations
  • Account log-in information, such as user names and email addresses with associated passwords, for Briggs’ accounts and other accounts accessed using Briggs’ computer systems at the Milwaukee, Wisconsin or Munnsville, New York locations during the timeframe of the potential compromise.

The OCR data breach reporting tool states that 12,789 individuals may have been affected.

Letters sent to patients may have revealed HIV status

READ MORE: Arkansas Facility Ransomware Attack Potentially Affects 128K

In yet another case of patients potentially having their HIV status exposed through mailings, Amida Care announced that fliers sent to members may have revealed certain data.

Members were sent double-sided fliers with an event notification on one side and information about an opportunity to participate in an HIV research project on the other side.

“Although the fliers were mailed in a security envelope with an additional blank sheet of paper to shield the flyer contents, the Company learned on August 2, 2017 that the words ‘Your HIV detecta’ may have been visible through the blank sheet of paper in the envelope windows of some mailings, next to the member’s name and address,” Amida said in its online statement.

Social Security numbers, Medicaid ID numbers, and other personal information or financial information were not contained in the letters, the organization added. There is also no reason to believe that any personal information was misused.

OCR reports on its site that 6,231 individuals may have been affected.

“Through its investigation, the Company confirmed that although the mailroom had been told to use non-windowed envelopes for this flyer, the envelope printer was not working and could not be repaired early enough for members to receive the event flyer on time,” Amida said. “The fliers were then mailed in windowed security envelopes with a blank sheet of paper in front of the flyer so that the flyer could not be seen. Unfortunately, certain words on the flyer were still somewhat visible through the envelope windows on some of those mailings.”

Amida explained that it is “developing a new protocol and quality control process” for mailroom employee training, as well as for individuals involved with member mailings.   

False credit card apps impact Carolina Oncology patients

North Carolina-based Carolina Oncology Specialists reported that it received credit card applications addressed to three of its patients to the organization’s street mailing address. One patient received additional false inquiries, Carolina Oncology stated.

“We share this information, not to alarm you, but to raise your awareness,” the organization said in an online statement. “While police have not linked this activity to our address or our patients, it’s too coincidental to ignore.”

“We are concerned that our patient’s name was used to open a false credit card account,” Carolina Oncology added. “We do not know if his personal information was used or not. That’s still under investigation.”

The organization also asked its EMR vendor to conduct a clinical analysis, which reportedly revealed that there has not been any “detectable breach or electronic tampering (hacking) of personal health information.”

The OCR data breach reporting tool states that 1,551 individuals were possibly impacted.

Carolina Oncology urged patients to check their credit activity and to contact a local credit bureau as well as local police if suspicious actions are found.  

Phishing scam targets Iowa DHS, impacts 820 individuals

The Iowa Department of Human Services (DHS) was the victim of an email phishing scam on August 23, 2017, according to a notification letter posted online. Nine DHS employees reportedly were fooled by emails that were designed to look like they came from another “trusted DHS employee,” the agency said.

“Fortunately, the campaign was discovered the same day the phishing email was sent to DHS, and the employees changed their passwords as soon as possible to block access to their email accounts and to minimize the potential for confidential information to be exposed,” DHS explained. “All DHS employees were quickly alerted to the phishing email campaign to prevent access to additional email accounts.”

The PHI of 820 individuals was possibly accessed, DHS said. There is no indication that the information contained in employee emails was actually used, but DHS said it will provide up to one year of complimentary credit monitoring services to those who were affected.

“Information on encrypting all emails that contain confidential information is being sent to all DHS employees,” the agency explained. “DHS is also implementing technological controls to prevent a hacker from accessing DHS email accounts by obtaining a user’s password.”

All DHS employees must sign an annual confidentiality statement and complete confidentiality training each year, the agency posited. The employees who fell for the August phishing scam were required to re-take the annual confidentiality training sessions. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks