NH Medical Device Company Faces Data Security Incident, 81K Impacted

May 16, 2022 - New Hampshire-based veteran-owned medical device company NuLife Med disclosed a data security incident that impacted 81,244 individuals. According to a notice on its website, NuLife Med discovered the incident on March 11 and later determined that an unauthorized actor had potentially viewed or acquired information between March 9 and March 11.

As of May 9, NuLife had found no evidence of identity theft or fraud resulting from the event, and it could not “say with certainty the exact files that were potentially accessed or acquired by the unauthorized third-party, other than a limited number.”

The impacted information potentially included names, medical information, health insurance information, addresses, some Social Security numbers, financial account information, and driver’s license information.

“We take this event and the security of your information seriously,” the notice stated.

“Upon learning of this event, we moved quickly to investigate and respond to the event, assess the security of our systems, and identify any impacted data.”

Oklahoma City Indian Clinic Updates Cyberattack Information

As previously reported, Oklahoma City Indian Clinic (OKCIC) experienced a cyberattack in March that disabled certain pharmacy services. OKCIC is a 501(c)(3) nonprofit that serves over 20,000 patients from 200 Native American tribes in Oklahoma.

A prior update stated that OKCIC’s pharmacy automatic refill line and mail order services would be down “for an indeterminate amount of time.” The clinic directed patients to call the pharmacy if they needed prescription refills. The clinic appears to be fully operational again.

According to the Office for Civil Rights, the incident ended up impacting up to 38,239 individuals. On May 3, OKCIC posted an update on its website with additional information about the breach. OKCIC’s investigation determined that certain information may have been accessed by an unauthorized actor during the incident.

The clinic said it had no reason to believe that any data was misused.

The impacted data contained names, birth dates, prescription information, medical records, physician information, Tribal ID numbers, Social Security numbers, driver’s license numbers, and treatment information.

“Upon discovering this incident, we reset account passwords and implemented additional security measures to further protect information,” the notice stated.

“We are also providing potentially impacted individuals with access to credit monitoring and identity protection services as an added precaution.”