- Wisconsin-based Scenic Bluffs Community Health Centers said that it experienced a healthcare data breach in which attackers gained access to a staff member’s email and may have stolen information on 2,889 patients, according to a press release posted April 27 on TheCountyLine.net.
The healthcare provider discovered on March 1 that one staff email account had been hacked on February 28 by an unauthorized party. This party set up a forwarding mechanism for the emails. Once this was discovered, it was disabled and only 44 emails were forwarded, none of which contained any protected health information (PHI), the provider said.
The healthcare provider mailed notifications on April 23 to those affected by the breach.
Scenic Bluffs CEO Mari Freiberg said that his company is working with an outside cybersecurity firm “to further evaluate our systems and identify solutions based on the ever-evolving landscape.”
Pennsylvania Hospital Patients Swept Up in FastHealth Breach
Patients of a hospital in Lancaster, Pennsylvania, may have had their information compromised by the previously disclosed breach at third-party website hosting vendor FastHealth, reported TV station WGAL on May 1.
The hospital, formerly known as Lancaster Regional Medical Center now known as UPMC Pinnacle Lancaster, used FastHealth as its website hosting service.
Information that may have been exposed includes patients’ names, Social Security numbers, birth dates, and driver’s license numbers.
In a statement, the hospital said: “The FastHealth data breach occurred prior to UPMC Pinnacle owning UPMC Pinnacle Lancaster. No patient information was affected. All inquiries should be submitted directly to the vendor, FastHealth.”
FastHealth was informed by law enforcement on November 2, 2017, that an “an unauthorized third party may have accessed or acquired certain information from FastHealth databases.” An investigation revealed that unauthorized access to a web server happened in mid-August 2017.
FastHealth did not say how many people have been affected by the breach, but it informed OCR that 1,345 individuals may have been impacted. Since then, reports of healthcare providers informing their patients affected by the breach have trickled out, including at Oregon-based Curry Health Network and Michigan-based War Memorial Hospital.
Montana Hospital’s Email Breach Exposes Data on 949 Patients
Montana-based Billings Clinic’s email system was breached, and personal information on 949 patients who used the Atrium Pharmacy at the hospital’s main campus has been exposed, reported the Billings Gazette April 27.
Information that was exposed included patient names, dates of birth, phone numbers, and amounts owed to the pharmacy. The hospital stressed that the breach did not affect its electronic medical records or financial systems.
Potential victims have been sent letters informing them of the breach.
The hospital became aware of unusual activity on its email system in February and hired a digital forensics firm to investigate. The firm discovered that an unauthorized individual had viewed emails containing patient information.
“With these cyber-security threats expanding across the globe, we continue to invest in technology and educate our employees,” hospital spokesman Luke Kobold told the Gazette. “As rapidly evolving as these attacks are, we need to constantly be on our toes.”
Nebraska Provider Loses Patient Medical, Financial Data in Theft
Nebraska-based Complete Family Medicine reported that on March 1 burglars stole a computer component of an EKG machine and uncashed patient checks stored in a locked safe, according to the provider’s public notice posted April 30 on DataBreaches.net.
The computer contained personal information on patients who had an EKG performed at the healthcare provider, including full names, dates of birth, and EKG images. The stolen checks included patients’ names, addresses, and bank account information.
Complete Family Medicine said it notified law enforcement personnel, who were able to recover some of the stolen checks. The provider sent letters to those affected by the theft and is providing free credit monitoring service for one year to the patients whose checks were stolen.
“Complete Family Medicine is reviewing its policies and procedures to determine if any changes are necessary to its physical security or how information is maintained. We deeply regret any inconvenience this incident may have caused patients and their families,” according to the public notice.