Breach of Records at LogicGate and Hoboken Radiology

The risk and compliance company LogicGate has discovered a security breach that resulted in the potential compromise of the protected health information (PHI) of 47,035 people.

LogicGate explained in breach notification letters that an unauthorized individual gained access to credentials for its Amazon Web Services cloud storage servers which are used to store backup files of customers that use its Risk Cloud platform.

The Risk Cloud Platform is employed by organizations to identify and deal with compliance risks and take care of information protection and security requirements. All backup files kept in AWS S3 buckets are coded, however, the attacker had used stolen credentials to decrypt information. The backup records included customer information that was loaded to their Risk Cloud environment before February 23, 2021. LogicGate stated it failed to determine any decrypt events connected with clients’ saved attachments.

It is presently uncertain if the attacker exfiltrated any customer information and there was no information published regarding the way the credentials were acquired.

Hoboken Radiology Notifies Patients About Potential Breach of Medical Photos and PHI

Hoboken Radiology based in New Jersey has begun sending notifications to patients regarding a security breach that happened between June 2, 2019 and December 1, 2020. In a recent press release, Hoboken Radiology stated it obtained a notification on November 3, 2020 regarding suspicious activity on its medical imaging server.

Third-party cybersecurity professionals were employed to inspect the incident and determine if any patient data had been acquired by unauthorized individuals. The investigation is still in progress, however, it was confirmed that there were suspicious relationships from an external source during the earlier mentioned dates. The impacted server comprised patient information which could have possibly been viewed or obtained by unauthorized persons.

An analysis of files on the server confirmed they included a variety of patient data such as names, genders, dates of birth, treatment dates, referring physician names, patient ID numbers, accession numbers, medical photos, and a description of those pictures. There were no compromised Social Security numbers, payment card information, financial details, and medical insurance data.

Although it was established that there was an unauthorized access to the server, no proof was identified that indicates the actual or attempted improper use of patient information. Policies, procedures, and processes associated with storage of and access to personal records are being evaluated and will be kept up to date to better take care of patient records down the road.

Hoboken Radiology already reported the breach to the proper authorities however there is no publication of the information on the HHS’ Office for Civil rights portal, therefore it is uncertain specifically how many people were affected.