Healthcare Information Security

Patient Privacy News

St. Mark’s Ransomware Attack Could Affect 33K Patients

Recent potential data breaches include two ransomware attacks, two phishing attacks, and a keylogger virus.

Health Data Security

Source: Thinkstock

By Kate Monica

- St. Mark’s Surgery Center, LLC suffered a ransomware attack between April 13 and April 17, 2017 that impacted its server, according to an online statement.

On May 8, 2017, a forensics team found evidence the attack potentially affected the personal information of certain St. Mark’s patients. The data may have included patient names, dates of birth, health information, treatment information, and Social Security numbers.

The ransomware attack may have affected 33,877 patients, according to the OCR data breach reporting tool.

St. Mark’s said it immediately began an investigation to determine the extent of the damage. A third party forensics team determined there is no evidence to suggest any patient PHI has been misused at this time.

St. Mark’s has issued notices to all potentially impacted patients providing further information about the incident. Additionally, the healthcare center is offering concerned patients one year of free identity protection services.

READ MORE: Phishing Attack May Impact PHI of 3.4K at CA Treatment Center

“Since the ransomware attack, we have taken a variety of actions to prevent similar situations from occurring in the future,” St. Mark’s said in its statement. “These include installation of a more robust firewall, with unified threat management services; installation of a backup and disaster recovery system that includes active hourly imaging and offsite replication to redundant data centers; and ensuring that all devices are fully updated, and that they are protected by the latest antivirus software.”  

22K potentially affected by phishing attack at health plan organization

On June 6, 2017, Elderplan Inc. discovered evidence that an unauthorized individual had gained access to several employee email accounts following a phishing attack.

Elderplan said in an online statement that it immediately disabled the affected email accounts and blocked any further access to the initial phishing email.

Additionally, the organization launched an investigation into the incident with the help of a third-party forensic company. Elderplan stated “no suspicious activity was indicated in the short window of time before the affected email accounts were disabled, nor were any emails forwarded from the accounts.”

READ MORE: PHI of 4.7K Ohio Patients Affected by Unauthorized EHR Access

Potentially accessed information may have included patient names, insurance information, Medicare numbers, diagnoses, treatment dates, and treatment facilities.

The incident may have involved the patient information of approximately 22,000 individuals, according to the OCR data breach reporting tool.

Elderplan stated it cannot determine whether any accounts were viewed or accessed. However, there presently exists no evidence to suggest any information has been misused.

Elderplan started to mail notices to potentially affected members and established a call center to answer any questions regarding the phishing attack.

Additionally, the organization is offering free identity protection services to affected members for one year.

READ MORE: Ransomware Attack May Affect 10K Plastic Surgery Patients

MJHS suffers phishing attack potentially affecting 6K patients

MJHS Home Care recently became aware of an instance of unauthorized employee email access resulting from a phishing attack on June 8, 2017, according to an online statement.

MJHS immediately disabled the affected email account and blocked any further employee access to the phishing email.

The healthcare organization hired a third-party forensic firm to launch an investigation into the incident and determined there was no evidence to suggest any patient information had been misused in any way.

MJHS stated it cannot confirm with complete certainty that emails in the account were not viewed or accessed before the account was disabled.

Potentially accessed information may have included patient names, diagnoses, treatment dates, treatment facilities, and some insurance information and Medicare numbers.

The information of over 6,000 patients may have been involved in the breach, according to the OCR data breach reporting tool.

MJHS is presently emailing letters to impacted patients relaying the details of the incident. Additionally, the healthcare organization has set up a call center to answer any questions patients may have.

MJHS is also providing one year of free credit monitoring services to those patients whose Medicare numbers were included in the affected emails.

“To help prevent something like this from happening in the future, MJHS Home Care is implementing additional security measures for the access of email and use of mobile devices,” MJHS said in its statement. “We are also conducting refresher training for all MJHS Home Care employees on security procedures.”

MJHS suffered a similar phishing attack in 2016. In that case, 2,483 individuals may have been affected, according to the OCR data breach reporting tool.

Salinas family healthcare center suffers ransomware attack

On June 18, 2017, a ransomware attack encrypted some Salinas Family Healthcare Center (SFHC) computer workstations and network servers, according to an online statement.

In response to the incident, the healthcare center worked to secure the affected systems and investigated the incident. SFHC said it immediately restored its computers and servers using recent backup.

Additionally, SFHC enlisted the services of independent computer forensics experts to investigate how the incident occurred and determine the extent of the damage.

Experts did not find any evidence indicating patient information had been accessed. However, investigators stated they cannot rule out the possibility information had been accessed.

Potentially viewed information may have included patient names, addresses, Social Security numbers, dates of birth, health insurance information, and medical treatment information.

No financial information was involved in the incident, according to SFHC officials.

The healthcare center issued letters to potentially impacted individuals including information regarding steps they can take to avoid further damage. SFHC established a call center to answer any questions from concerned patients and has offered complimentary credit monitoring and identity theft protection services to affected patients.

SFHC did not say in the statement how many individuals were potentially affected by the incident.

Institute for Women’s Health discovers keylogger virus

The Institute for Women’s Health (IFWH) said in an online statement it recently discovered a keylogger virus on its computer network that was installed on June 5, 2017.

IFWH officials learned of the virus one month after it was installed, and removed it from the majority of all network computers and terminal servers by July 11, 2017.

Following the incident, IFWH issued notices to all patients potentially impacted.

The healthcare institute stated credit card or debit card information may have been affected for patients who paid for IFWH services with a credit or debit card between June 5, 2017 and July 11, 2017.

Other information potentially affected included patient names, addresses, dates of birth, Social Security numbers, scheduling notes, current procedural technology and billing codes, and any other information potentially keyed or typed into the IFWH system during the period the virus was active.

IFWH officials stated any patient information not keyed into the system and any patient portal information were not accessed at any time.

IFWH is offering potentially impacted patients free credit monitoring services, a $1 million insurance reimbursement policy, and educational materials regarding identity protection.

IFWH said it has implemented additional safeguards to improve the data security of its web server infrastructure and reduce the likelihood of similar incidents in the future.

The healthcare institute has also set up a call center to assist patients with any questions they may have regarding the virus.

IFWH did not state how many patients may have been impacted by the breach. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...