The hacking of the South Shore hospital network affects the data of 116,000 patients

A number of nonprofit and community healthcare providers reported health data breaches to HHS last week, including South Shore Hospital in Chicago. (Sarah Stierch/, via Wikimedia Commons).

Chicago’s South Shore Hospital recently notified 115,670 current and former patients and employees that their data had been affected after a hack into the nonprofit organization’s network in early December.

On December 10, 2021, SSH discovered suspicious activity on its network and “activated its emergency operating protocols to continue to provide safe patient and family-centered care.” Although the incident looks like a ransomware attack, the advisory does not provide any further details about the hack.

An external forensics firm was hired to support the investigation, which revealed that the data involved could include patient names, social security numbers, contact information, birth dates, financial information, diagnosis, medical data, health insurance policy numbers and Medicare or Medicaid. information. Everyone involved will receive free identity theft protection services.

SSH has since strengthened its network security controls with stricter password requirements, enabling multi-factor authentication and retraining employees on data privacy and security awareness measures. The hospital has also implemented additional anti-malware and phishing tools, while planning to continue evaluating the effectiveness of its current security protocols.

Comprehensive Health Services Reports Violation of 2020 Incident

More than a year after responding to unusual activity on its network, Comprehensive Health Services is notifying an undisclosed number of patients that their data was potentially accessed or stolen in a hack of its digital environment.

CHS first learned of the incident on September 30, 2020, after discovering fraudulent wire transfers. The team secured the network and launched a digital forensic investigation to “determine what happened and identify any information that may have been accessed or acquired without authorization as a result”.

The CHS notice does not explain the lack of timely notification to affected patients, apart from describing a year-long investigation. But under the Health Insurance Portability and Accountability Act, covered entities and affected business associates are required to report data breaches affecting 500 or more patients within 60 days of discovery.

Impacted data that could have been viewed or acquired by attackers could include names, birthdates and/or SSNs.

AccelHealth patient data compromised in malware incident

An undisclosed number of patients at Cross Timbers Health Clinics in Texas, d/b/a AccelHealth, were recently notified that their data had potentially been accessed in a malware-related incident in mid-December.

AccelHealth discovered that some files were made inaccessible on December 15, 2021. The subsequent investigation revealed that some systems were infected with malware, which prevented access to certain files stored on the network. Further analysis confirmed that some files may have been subject to unauthorized access, beginning nearly a week before the cyberattack.

A forensic examination conducted on January 14 determined that the compromised information varied by patient and could involve names, social security numbers, contact information, birth dates, driver’s license numbers, details of financial accounts, health insurance data, medical record numbers, and treatment or diagnostic information. .

AccelHealth is working to add technical security measures to its current toolkit to prevent it from happening again, while reviewing and strengthening its existing data privacy policies and procedures.

Philadelphia FIGHT reports ‘criminal cyberattack’

A “criminal cyberattack” on Philadelphia’s FIGHT Community Health Centers has led to the potential access to legally protected patient information. This is one of the most concerning health incidents in recent months as Philadelphia FIGHT provides primary care and HIV care to low-income people. In total, 15,000 patients could be affected.

A cyberattack hit the provider on November 30, prompting the security team to shut down its network to prevent the attack from spreading. The ensuing investigation confirmed that the attack had no impact on its electronic medical system (EMR) or any clinical systems, only “certain non-clinical systems in the network were accessed by the criminal actor “.

Investigators later determined that the affected systems held protected health information. Philadelphia FIGHT could not determine if the data was accessed or stolen by the hacker. So far, there is no evidence that the data was published or used fraudulently.

Compromised data includes patient names, social security numbers, birth dates, diagnoses, treatments, and health insurance information. Philadelphia FIGHT continues to work to identify and contact everyone involved.

The health center is currently working to develop and implement enhanced safety protocols to prevent a recurrence.

Family Christian Health ransomware attack affects 31,000 patients

A total of 31,000 patients at the Family Christian Health Center in Illinois were recently notified that their protected health information had been compromised before a November 30 ransomware attack.

“Over the past two years, despite the unprecedented demands of the COVID-19 pandemic, FCHC has worked hard to strengthen its IT systems and network security, as well as provide additional privacy training to employees. and security to address the evolving nature of cyber threats to the healthcare sector,” according to its opinion.

Despite his efforts, officials say they discovered that the attacker gained access to the FCHC network nearly two weeks before the ransomware was deployed. Thanks to its previous security improvements, the FCHC was “able to care for patients without significant disruption despite the attack”.

However, the investigation could not rule out the potential compromise of patient data which varied between individuals, the type of care they received at FCHC and whether their data was contained in a compromised PDF of records prepared for the Health Resources and Services Administration.

The ransomware attack compromised dental data older than August 31, 2020 and stored on a legacy dental system, which could include names, birth dates, contacts, insurance cards and driver’s licenses. Credit, SSNs and other dental information do not appear to have been affected.

The attack also affected healthcare data from non-dental services received between December 5, 2016 and August 31, 2020, and affected patients who were registered through an electronic system compromised by the ransomware infection. The attack impacted some patient records in this system, affecting data similar to that described above, social security numbers and insurance identification numbers.

The ransomware-infected HRSA .PDF file contained the protected health information of approximately 20 patients and included clinical information from a single visit in 2021, such as names, patient ID numbers and date of visit. visit. No other sensitive information from this subset of patients was compromised.

FCHC has hired a forensic consultant to support investigation and recovery efforts, as well as to conduct a review of existing security measures to determine recommended improvements. The supplier has already taken steps to strengthen its technical guarantees.

Source link