An email security breach at LSU Health University Medical Center-New Orleans resulted in the potential compromise of the protected health information (PHI) of some patients.
LSU Health New Orleans Health Care Services Division reported on November 20, 2020 that it has experienced a security breach that involved the email account of a worker in September 2020. During the time, it looked like the breach merely affected a number of patients who had acquired medical services in the following healthcare centers: Leonard J. Chabert Medical Center in Houma; Lallie Kemp Regional Medical Center in Independence; W. O. Moss Regional Medical Center in Lake Charles; and the former Earl K. Long Medical Center in Baton Rouge; University Medical Center in Lafayette; Bogalusa Medical Center in Bogalusa; or Interim LSU Hospital in New Orleans.
LSU Health’s continuing investigation uncovered that the information of a number of patients of its partner hospital, University Medical Center-New Orleans, was additionally found in the compromised email account.
The breach happened on September 15, 2020 and LSU Health discovered it on September 18. Although an unauthorized individual accessed the email account, there is no particular evidence found regarding the access or misuse of PHI.
The breach involved varying types of information, which may have included patients’ names, addresses, phone numbers, medical record numbers, account numbers, Social Security numbers, dates of birth, dates of service, types of services obtained, and health insurance data. The bank account number and health data of a small percentage of patients might also have been exposed.
Beebe Medical Foundation Impacted by Blackbaud Ransomware Attack
Beebe Medical Foundation based in Lewes, DE has announced that it was impacted by the Blackbaud ransomware attack. Beebe Medical Foundation explained in a breach notice last December 28, 2020 that it received a notification from Blackbaud on July 16, 2020 about the ransomware attack that compromised Blackbaud’s systems from February 7, 2020 to May 20, 2020.
It just became obvious that Beebe records were affected in November 2020. After performing a review of the actual information involved, Beebe stated on December 2, 2020 that the attackers obtained access to the personal information of 56,953 people. The stolen records included names, birth dates; physician names; dates of assessment; visit dates; and the department associated with medical services received.
Blackbaud paid the attackers their ransom demand and was assured that the stolen information has now been destroyed; nevertheless, as a safety precaution, Beebe is sending breach notifications to impacted individuals.