- A ransomware attack on the Podiatric Offices of Bobby Yee corrupted and possibly altered the medical records of 24,000 patients, according to a recent notification.
Typically, ransomware merely encrypts the data on the infected computers, workstations or servers, along with any systems connected to the impacted device. However, the attack on the Podiatric Offices concluded with the hack altering and potentially corrupting medical files – including patient data.
The affected data included patient names, Social Security numbers, health insurance policy details, medical records, dates of birth, phone numbers, gender, and addresses. Officials stressed that they found no evidence the data was exfiltrated or viewed.
“Once we became aware, we promptly took steps to protect your personal information and to determine the nature and scope of the issue,” officials said in a statement. “If there is indeed any alteration or corruption of your personal information, we may need to reconfirm or reconstruct the information, including your medical information.”
Third Health Data Breach for Humana in December
Bankers Life, a business associate for Humana, notified the health insurer on October 25 that a hacker accessed the system credentials of some employees, which provided access to the Bankers Life website where consumers apply for Humana health insurance.
According to the notification, the cybercriminal had access to the site between May 30 and September 13 – almost four months. Bankers Life discovered “unusual activity” on August 7 and launched an investigation with the help of an external forensics investigator. Law enforcement was also notified.
The hackers had access to applicant information including names, addresses, dates of birth, the last four digits of Social Security numbers, and health insurance policy details, like type, cost of coverage, and application or policy numbers. Full Social Security numbers and financial data were not breached.
Officials have since taken steps to restrict and monitor system access and enhanced security procedures, including additional staff training.
This was the third breach reported by Humana in December. The insurer reported a theft to the Department of Health and Human Services on December 31 that breached 684 patient records. And Humana’s Family Physicians Group was hit by a phishing attack that breached the data of 8,400 patients for about two weeks.
Phishing Attack on Chaplaincy Health Breaches 1,000 Patient Records
Washington-based Chaplaincy Health Care is notifying about 1,000 patients that their data was potentially breached after a phishing attack.
According to officials, Chaplaincy discovered an email account was hacked on November 20. Within a day of the discovery, the user account password was changed, limiting the breach to about four hours. Officials are working alongside a computer forensics team to investigate.
The compromised data included patient names, dates of birth, medical record numbers, the last four digits of Social Security numbers, prescriptions, addresses, and dates of service. No financial data, credit card details or complete Social Security numbers were breached.
Officials are providing employees with additional training and testing on how to safeguard patient data and have since added two-factor authentication.