Breaches at Imperium Health, Atrium Health and Saint Luke’s Foundation

Imperium Health Management, based in Louisville, KY, a development services provider to Accountable Care Organizations (ACOs), is informing 139,114 people about the potential compromise of some of their protected health information (PHI) due to a new phishing attack.

Imperium Health discovered the attack on April 23, 2020. According to the investigation, two email accounts were compromised, one on April 21, 2020 and another on April 24, 2020, after employees responded to phishing emails. The emails included hyperlinks that appeared legitimate but took the employees to a web page where their email credentials were collected.

An analysis of the compromised email accounts showed that they held the following PHI: patient names, dates of birth, addresses, medical record numbers, medical insurance information, account numbers, Medicare numbers, Medicare Health Insurance Claim Numbers (Social Security numbers probably included), and some clinical and treatment data. Imperium Health only learned on June 18, 2020 that the email accounts contained PHI.

An independent computer forensic agency helped with the investigation and confirmed that only two email accounts were compromised. The attackers did not access any other part of the Imperium Health systems. Although it is probable that the attacker viewed or obtained patient information, no evidence has been found so far that suggests the attacker viewed, acquired, or misused patient data in any way.

Imperium Health has implemented additional security measures to protect its systems from further cyberattacks. Two-factor authentication for remote access to email accounts and new methods for securing sensitive data transfers were implemented. Employees also received further training on email security and identifying phishing emails.

Blackbaud Ransomware Attack Impacts Atrium Health and Saint Luke’s Foundation

Saint Luke’s Health Foundation has reported the compromise of the personal and demographic data of 360,212 people due to the recent Blackbaud ransomware attack.

The attackers acquired a backup copy of a database and used it to extort money from Blackbaud. The data is believed to have been acquired at some point between February 7, 2020 and May 20, 2020. Blackbaud decided to pay the ransom to get the keys to unlock the encrypted files and to stop any further exposure of the data stolen in the attack. Blackbaud believes the attacker did not expose any data to any entity or the public and thinks all stolen data was permanently deleted.

The compromised data included names, mailing and email addresses, phone numbers, and/or dates of birth. Some patients may have had the names of their guarantors compromised, together with some patient medical data such as dates of service and patient care departments.

Atrium Health is a leading healthcare system in the country with more than 900 care locations. It also reported that the Blackbaud ransomware attack affected the data of its patients. Compromised patient data included first and last names, contact details, demographic data (such as birth date, guarantor details, applicable decedent status, and patient ID numbers), dates of treatment, locations of service, and names of treating doctors. For minors impacted by the breach, the guarantor’s name and their relationship were also exposed. The dates and amounts of donations from patients who gave to Atrium Health were also stolen.