An employee of Memorial Hospital at Gulfport, Mississippi fell victim to a phishing attack, which breached the data of 30,000 patients for more than a week in December.
On December 17, officials discovered that an unauthorized party had gained access to an employee email account on December 6. The account was immediately secured, and an investigation was launched to determine the scope of the incident.
The investigation determined the patient data contained in the emails included names, dates of birth, health data, and/or information about services received at MHG. For a limited number of patients, Social Security numbers were included in the breached data.
Patients whose Social Security numbers were compromised will receive a year of free credit monitoring and identity protection services.
Hampton Roads Community Health Center Server Compromise
Portsmouth, Virginia-based Hampton Roads Community Health Center discovered a hacker breached its IT infrastructure in December, which contained some patient files.
The security incident occurred on December 17, and law enforcement was contacted the same day. The investigation determined the files potentially contained names, gender, dates of birth, health plans, plan member identification numbers, and medical conditions.
For some patients, Social Security numbers, credit card data, driver’s licenses, and/or addresses were compromised.
HRCHC filed a report with the FBI Cyber Security Division. Officials said they continue to investigate the incident and that the health center has since bolstered its security to prevent a recurrence, including encrypting and upgrading its servers.
“We are continually reinforcing our existing policies and practices and evaluating additional safeguards to prevent this type of incident from occurring in the future,” officials said in a statement.
Arizona Provider Refuses TheDarkOverLord Extortion Attempt, Reports Breach
The computer network of Arizona plastic surgeon Robert Spies, MD was hacked by the cybercriminal hacking group TheDarkOverLord, which breached the data of 5,524 patients.
Spies became aware of the hack on December 10 and immediately contacted the FBI and local law enforcement. The practice hired a third-party forensics team to determine if the systems and data were at risk.
The investigation determined hackers potentially viewed or accessed documents containing the personal and health data of patients, including names, procedure notes, diagnoses, medications, and health insurance numbers.
A small number of Social Security numbers, driver’s licenses, and/or passport numbers were breached for patients who provided those documents for verification purposes. Some credit card numbers, financial account numbers, or pre-op photos were compromised as well.
TDO posted a notice online in December claiming to have hacked a high-end plastic surgeon’s office in Arizona, according to DataBreaches.net. The file contained an archive with more than 500MB of data, with files as recent as December 5.
The hacking group has attempted to extort a wide range of victims, especially from the healthcare sector. TDO was behind the hacks of SMART Physical Therapy in Massachusetts and Auburn Eye Care, among others.
CHI Health Reports Security Incident from Third-Party Device
Nebraska-based CHI Health recently reported a security incident caused by a device infected with malware brought in by a third-party vendor, according to local news outlet The Grand Island Independent.
Some of the health system’s hospitals and clinics were impacted by the virus for two days last week, infecting the browsers used to connect with the hospital’s internal network. In response, officials shut down some devices used to access the EHR, especially the portable ones, until they could be checked to ensure they were not infected.
Other points of access to those records remained available during the security incident. And as CHI Health had a downtime procedure plan, staff were able to maintain patient care – in some cases recording data on paper to be uploaded at a later time. Others were able to use desktop devices.
Officials stressed the virus did not cause an external breach or hack. Patient care and medical devices were also not impacted. The virus was contained by February 13.