A hacker recently exploited a vulnerability in the TriTech billing software of North Carolina’s Pasquotank-Camden Emergency Medical Services, erasing some files and potentially breaching patient data.
Its initial notification to the Department of Health and Human Services noted that just 20,240 patients were impacted in the incident. However, the county health provider recently updated that number to about 40,000 patients, according to local news outlet DailyAdvance.com.
An investigation was launched with the help of an outside firm, Soundside Group, which officials noted was the same firm that helped the county provider during a previous cyberattack. Pasquotank-Camden EMS also contacted the county sheriff and its insurance carrier.
According to officials, the hacker gained access through a security gap in its server’s billing software on December 14. The hacker was able to trick the IT team into thinking they were a normal user, giving them access to patient records from as early as 2005. But most records dated back to just 2010.
The hacker erased files, but no ransom demand was made. Officials also noted that no data was copied, but they are still investigating the security incident. However, they did confirm the cyberattack originated from outside of the United States.
Some of the text files were thousands of pages long, which made it difficult to review just what data was compromised, which patients needed to be notified, and how the event occurred.
Pasquotank-Camden EMS contacted TriTech about the vulnerability, of which TriTech was not aware, and they’ve since closed the gap. Currently, the county is reviewing its software for other vulnerabilities and Soundside has since tested the county’s cyber-defenses.
Officials are also considering moving the data from local storage to TriTech’s cloud platform. They also stressed the hack was not caused by the county’s own cybersecurity: the hacker exploited the flaw in TriTech’s software to gain access.
All impacted patients have been offered a year of free credit monitoring and credit restoration services, should it be necessary.
Ransomware Attack on Maffi Clinic Impacts 10,000 Patients
Maffi Clinics in Arizona fell victim to a ransomware attack on September 11, which potentially compromised the data of 10,465 patients.
Upon discovering unusual activity on one of its servers, officials said they immediately launched their security breach protocols. The steps included immediately shutting down all servers and computers, along with employing an outside IT consulting firm to help with the security incident.
They confirmed a hacker gained remote access to Maffi Clinic’s server and installed ransomware. Officials said the IT firm was able to locate the unauthorized access point and terminate it. They also isolated and removed the ransomware and restored the unencrypted data.
The server contained a limited amount of patient data, including names, addresses, phone numbers, and pre- and post-operative records. No Social Security numbers or credit card information were included in the compromised data.
Further, the IT team determined that access began just five hours before it was discovered by officials.
The investigation also found no evidence the impacted files were viewed or downloaded, and Maffi Clinic has yet to receive a ransom request. However, “out of an abundance of caution,” officials sent notification letters to all impacted patients.
Officials are continuing to implement and evaluate additional security measures to limit the possibility of a recurrence.
Direct Scripts Reports Ransomware Attack Impacting 9,300
Ohio-based pharmacy benefits manager Direct Scripts recently began notifying about 9,300 patients that their patient data was potentially compromised during a ransomware attack.
Officials first discovered the hack on January 30 and launched an investigation to determine the extent of the infection. They determined the ransomware locked the server that stored Direct Scripts’ customer data.
The potentially compromised data included patient names, addresses, and prescription details. However, the server did not have any stored Social Security numbers or credit card data.
Business Associate Laptop Theft Breaches 2,088 Patient Records
Massachusetts-based Re-Solutions, a healthcare provider business associate and a division of RSC Insurance Broker, recently began notifying clients that some of their data was potentially breached due to the theft of an employee laptop.
The employee’s laptop was reported stolen on Aug. 23, 2018. Officials said the laptop was password-protected, but they did not disclose whether it was encrypted or whether they had the ability to remotely wipe the drive upon discovery.
Officials contacted local law enforcement, changed the employee’s account credentials, and launched an investigation with assistance from a cybersecurity firm. The notice does not outline the specific data potentially compromised by the theft, but it appears the data varies by patient.
What’s concerning is that RSC Insurance did not begin notifying its clients until nearly five months later on Jan. 22, 2019, once the investigation and analysis of the theft was completed. Under HIPAA, covered entities and business associates are required to report a breach within 60 days of discovery.
RSC Insurance notified the Department of Health and Human Services and the impacted patients of the security incident on March 1. Officials said they’re “enhancing the security measures on devices that store personal information.”
Oklahoma Heart Hospital Reports Computer Theft
About 1,200 Oklahoma Heart Hospital patients have been notified that their data was potentially compromised after the theft of four desktop computers in January.
The computers reportedly contained patient data, such as names, dates of birth, addresses, phone numbers, and some clinical information. Medical data and other patient records are stored on a separate, secured server, not on the stolen computers.
The theft occurred while offices at the Tower Building of Mercy Hospital in Oklahoma City were being vacated. Officials said they’ve since revised some procedures in an attempt to prevent a similar occurrence.