– The North Florida OB-GYN in Jacksonville, part of Woman’s Care Florida, recently began notifying 528,188 patients of a months-long cyber incident that potentially breached their health information.
First discovered on July 27, officials said they determined certain parts of their computer systems were impacted by a cyber incident that began on or before April 29, nearly two months earlier. A preliminary assessment determined “improper access” occurred on some portions of the networked computer systems.
The virus encrypted certain files, but officials did not share whether the virus was ransomware. The computer systems were promptly shut down and incident response and recover procedures were launched. The FBI was contacted and North Florida OB-GYN began its own forensic investigation.
The impacted data included patient names, demographic details, dates of birth, Social Security numbers, driver’s licenses or identification card numbers, employment information, health insurance data, and health information, such as treatments, diagnoses, medical images, and related information.
All patients will receive complimentary identity theft protection services.
The Florida provider decrypted the impacted files or recovered nearly all affected files. Officials said they’ve also taken steps to bolster security safeguards for the affected systems to prevent a recurrence. North Florida OB-GYN has also strengthened its virus detection and other systems, along with other security measures.
Phishing Incident at The Methodist Hospitals
Two employees of the Methodist Hospitals fell victim to phishing scams, which potentially compromised the data of about 68,039 patients.
In June, officials said they detected unusual activity in an employee’s email account. An investigation determined that one employee email account was breached on June 12, and again for a week between July 1 and July 8.
The other account was compromised for about three months between March 13 and June 12. The investigation could not rule out the possibility of access to the data in the accounts.
The compromised data varied by patient, but could include names, contact information, health insurance subscriber, group, and or plan numbers, Social Security numbers, driver’s license or state identification numbers, passport details, financial account numbers, payment card information, electronic signatures, usernames and passwords, dates of birth, medical record numbers, and even medical diagnoses, among other identifiable information.
“While we have security measures in place to protect data in our systems, we are reviewing our existing policies and procedures and implementing additional safeguards to further protect information,” officials said in a statement.
The incident has been reported to the Department of Health and Human Services Office for Civil Rights and other relevant regulators.
UAB Medicine Phishing Attack
The University of Alabama (UAB) Medicine is notifying 19,557 patients that their data was potentially compromised after a phishing incident.
According to officials, hackers gained access to several employee email accounts containing patient information. The phishing scam was crafted to look like an authentic request from an executive asking employees to complete a business survey.
While employees do receive education and training to recognize phishing attacks, “a number of employees accessed the survey and provided their username and password to the hackers.” As a result, the cybercriminals were able to access the employees’ email accounts, as well as the payroll system.
The UAB Medicine EHR and billing systems were not impacted by the hack.
The investigation determined the phishing attack and compromise began on August 7. Upon discovery, the accounts were secured and passwords were reset. Officials said the investigation determined the hackers were attempting to divert employees’ automatic payroll deposits to an account controlled by the hackers.
UAB Medicine was able to prevent all attempts by the hackers to redirect the payroll deposits. While officials said there’s no evidence the patient data was what the hackers were seeking out, limited protected health data could have been viewed by the hackers while they accessed the employee email accounts.
The impacted data varied by patient, but could include names, medical record numbers, birth dates, dates and location of service, diagnoses, and treatments. Some Social Security numbers were included for a small subset of patients.
“UAB Medicine continually trains employees regarding these types of cyberattacks and is increasing its efforts to educate employees about email and data security,” officials said in a statement. “The additional security protection of multifactor authentication also has been implemented for all employee emails.”
Campbell County Health Ransomware Update
Campbell County Health was forced into downtime procedures at the end of September after a ransomware attack crippled its computer system. Patient care was disrupted, outpatient labs were unable to operate, and some surgeries were canceled.
What’s more, CCH stopped accepting new patients and others were diverted into area hospitals. By October 7, all CCH providers, clinics, lab, and radiology were back to fully functioning. The clinics and other care areas were calling patients who needed to reschedule appointments.
However, CCH respiratory therapy and its Sleep Center remain closed more than two weeks after the intial cyberattack.