Logan Health cyberattack, server hack leads to access to 214,000 people’s data

SEIU home care workers are speaking out and taking action through the use of visual media and imagery to demand that Congress finish the job and build back better to move the nation forward near the U.S. Department of Health and Human Services Jan. 4, 2022, in Washington. (Photo by Paul Morigi/Getty Images for Care Is Essential)

Logan Health Medical Center recently informed 213,543 patients, employees and associates that their personal and health data may have been accessed, after a sophisticated cyberattack on its computer systems led to the hacking of a file server containing protected health information.

On Nov. 22, the Montana provider responded to suspicious activity and “evidence of unauthorized access” to one of eight file servers used for business operations. An investigation revealed that certain files had been subject to unauthorized access, including employee PSI. The electronic medical record was not affected by the security incident.

The data compromised varied by individual and could include names, social security numbers, dates of birth, contact information and email addresses. Everyone involved will receive one year of identity monitoring services.

In a notice to employees, Logan Health CEO Craig Lambrecht reminded employees of their “important role in protecting patients’ private health information” and issued a number of security best practice reminders for employees, covering passwords and interacting with emails from unknown senders.

Logan Health has since assessed the status of its security measures and is currently working to add additional security measures and train employees.

JDC Healthcare reports malware incident, 6 months later

An undisclosed number of patients linked to JDC Health Management has just been made aware of an August 2021 malware incident, which may have resulted in the theft of their protected health information. JDC is a provider of dental care services.

First discovered on August 9, a malware incident affected some company systems, prompting efforts to restore the affected systems. An investigation with third-party forensic specialists determined that the JDC data was accessed and possibly acquired by the attackers for several weeks, beginning July 27, 2021.

JDC has launched a “comprehensive programmatic and manual review” to determine the type of information impacted by the incident. The review confirmed that potentially stolen data could include SSNs, clinical information, demographic details, driver’s licenses, health insurance data, financial information and other sensitive information.

The vendor is reviewing and strengthening its existing security policies. According to the advisory, the late reporting of the August 2021 incident was not caused by law enforcement. Under the Health Insurance Portability and Accountability Act, covered entities are required to report any PHI violations affecting more than 500 patients within 60 days of discovery.

DC, Houston Health Services Report COVID-19 Portal Incidents

In recent weeks, health departments in Houston and Washington, D.C., have reported security incidents that led to the inadvertent release of COVID-19 test result information to the wrong patients.

For the Houston Health Department, 10,291 people who used its COVID-19 test results portal were notified that a bug in the platform allowed 3,500 users to potentially access data belonging to other people. The incident was not caused by a malicious actor.

The exposure was linked to approximately 10,000 COVID-19 test results and related health information, including names, contact details, birth dates, email addresses, and test dates and results. The portal does not collect Social Security or financial information. The department was notified of the security issue on January 6, and the portal was disabled within 48 hours.

A review of the incident determined that the exposure was caused by a “technical glitch in the portal that mistakenly linked some user accounts.” The department has since put in place additional measures to prevent this from happening again.

Meanwhile, a report from a local NBC outlet revealed that the DC Health Department in the nation’s capital was also forced to take its COVID-19 test results portal offline for similar reasons. Shortly after its launch on February 14, some users reported that after entering their names and other relevant personal information on the portal, they received results from others.

The report shows that the names and dates of birth of the affected users were not similar. In response, the DC Health Department shut down the site to investigate. The health department released a statement saying it had received reports from a “small number of users”, but at this time it is unclear. DC residents have been encouraged to report similar incidents to the health department.

The portal was taken down in mid-February and, at press time, remains offline as the department continues its investigation.

Monongalia health system reports second breach in months

Just two months after notifying 398,164 patients that their protected health information had been compromised in a phishing attack and email account takeover, the West Virginia health system is notifying people of another potential HIPAA data breach.

On February 28, Mon Health began notifying individuals that it had recently investigated and responded to a data security incident that led to the potential access to their data. Unusual activity was discovered in the computer network on December 18, “which disrupted the operations of some of Mon Health’s computer systems.”

The incident caused Mon Health to take “a significant portion of its IT network and systems offline”, leading to the initiation of downtime procedures. The notice does not detail the specific cause of the incident, simply that it led to the unauthorized access to information related to patients, providers, employees and contractors.

The investigation confirmed that electronic health record systems were not affected by the incident. However, threat actors had access to the network between December 8 and December 19, when the intrusion was discovered. Mon Health was unable to rule out access to files on the affected computer systems.

For patients and members of the Mon Health Employee Health Plan, relevant data may include names, Social Security numbers, contact information, Medicare application numbers, birth dates, phone numbers, patient account numbers, insurance plan member identification numbers, medical record numbers, dates of service, claims data and other sensitive medical and clinical treatment information.

The incident affected Mon Health and its affiliated hospitals: Monongalia County General Hospital Company, Stonewall Jackson Memorial Hospital Company and Preston Memorial Hospital.

Mon Health has since performed a company-wide password reset and implemented network hardening measures, in addition to contacting law enforcement.

As noted, the new notice comes just two months after a previous notice detailing a breach of patient and employee data linked to a phishing attack. These were two separate incidents. As previously reported, Mon Health discovered that a contractor’s email account had been taken over by threat actors, who used access to the account to send fraudulent emails seeking to obtain funds via wire transfers.

The ensuing investigation uncovered the phishing attack that gained access to multiple employee email accounts as well as emails and attachments for three months.

