Breaches at The Little Clinic and Mat-Su Surgical Associates

The Little Clinic, which manages a network of over 215 medical care clinics established in Kansas, Kentucky, Tennessee, Ohio, Arizona, Georgia, Colorado, Virginia and Indiana, found a bug in its web-based appointment system that likely made possible the unauthorized disclosure of PHI of patients.

The Little Clinic identified the bug and confirmed that it was brought in on October 7, 2018. The network corrected the problem on February 13, 2020 and implemented measures to avert the same breaches from now on.

Because of the coding error, when a patient booked an appointment and afterward altered it on the internet, the patient’s name, birth date, phone number and address can be seen by other domains. The investigation results showed that about 10,974 patients were likely impacted and might have had a number of their personal data exposed.

The Little Clinic didn’t find any proof to indicate the access or improper use of patient information however concluded on April 7, 2020 that the occurrence was regarded as a data breach. Hence, the clinic sent notification letters by mail to all persons likely affected.

Ransomware Attack at Mat-Su Surgical Associates

Mat-Su Surgical Associates based in Palmer, AK reported that it experienced a ransomware attack last March. The employees found out about the attack on March 16 when they were unable to access the computer systems due to the encryption of key files.

A group of third party computer forensics detectives checked out the nature and extent of the attack and to verify if the attackers viewed or took any patient information. It wasn’t possible to ascertain if the attacker could exfiltrate information or view patient data before encryption, however, the investigators cannot exclude unauthorized information access. The attacker was persistent to have obtained access to sections of its computer system that held the protected health information (PHI) of 13,146 patients.

The following data were likely breached in the ransomware attack: names of present and past patients of Mat-Su Surgical Associates and Valley Surgical Associates coupled with addresses, diagnoses, treatment details, laboratory test findings, medical insurance details, Social Security numbers, and other advice connected to the obtained medical care.

Mat-Su Surgical Associates delivered breach notification letters via mail to all impacted patients and provided them free credit monitoring and identity theft protection services via ID Experts.

Mat-Su Surgical Associates likewise did necessary security enhancements, such as applying more measures to prevent unauthorized remote access to its systems.