Breaches at Ascend Clinical, Alamance Skin Center, and Perry County Memorial Hospital

A phishing attack on Ascend Clinical based in Redwood City, CA, an ESRD laboratory testing provider for third party dialysis clinics resulted in a ransomware attack last May 2020.

Strange system activity as well as file encryption were noticed on or about May 31, 2020. Ascend Clinical immediately took action to segregate the impacted systems and investigated the incident to find out the nature and extent of the breach. A third-party security company helped Ascend Clinical to confirm that the attacker accessed its systems after an employee’s response to a phishing email.

Before deploying the ransomware, the attackers acquired access to files containing names, mailing addresses, birth dates, and Social Security numbers. Ascend Clinical, since then, have taken steps to reinforce its email security protection to avoid the same attacks later on.

The breach report sent to the HHS’ Office for Civil Rights showed that the breach affected 77,443 people.

Alamance Skin Center Experiences Ransomware Attack

A ransomware attack on Cone Health, a Greensboro-based health system, impacted only one practice, Alamance Skin Center located in Burlington, NC.

The ransomware attack happened in late July 2020. It seemed to have begun with a phishing attack or brute force attempt aimed at getting credentials. Cone Health took immediate action to isolate the affected systems and engaged third-party computer forensics specialists to evaluate the extent of the data breach. There was no evidence found that suggest the theft of patient information before file encryption. No report was received that indicate the misuse of patient data.

Nevertheless, some patient information was encrypted in the attack and cannot be recovered. Cone Health reports that the attack affected the protected health information (PHI) such as patient names, addresses, medical record numbers, dates of birth, diagnosis data, and date(s) of service.

The attack impacted the appointments system and was not accessible. Patients that have appointment were told to get in touch with the practice to confirm their scheduled appointment. Because it was not possible to determine with full certainty that the attackers did not access patient data, all affected patients were instructed to be cautious against reports of identity theft and fraud.

Alamance Skin Center is going over current policies and procedures and will implement extra safeguards to avoid similar incidents in the future.

Perry County Memorial Hospital Uncovers Email Security Breach

Perry County Memorial Hospital based in Tell City, IN found out that unauthorized persons got access to employees’ email accounts.

According to the investigation into the breach, the hackers accessed the email accounts on August 23, 2020. An analysis of the compromised accounts confirmed that they contained private patient information that may have been viewed or obtained by the attackers, although there was no proof of data theft.

The information possibly exposed only included names, birth dates, diagnoses/diagnostic codes, internal patient account numbers, healthcare provider names, and other health data, as well as the Social Security numbers, Medicare/Medicaid numbers, and health insurance information of certain patients.

Perry County Memorial Hospital is taking action to fortify email security to avert the same breaches from happening again. The hospital also offered the patients whose Social Security number was likely compromised complimentary identity theft monitoring services.