Cyberattacks on Egyptian Health Department, Cencora, and Philips Respironics

Up to 100,000 Individuals Affected by Egyptian Health Department Cyberattack

Egyptian Health Department (EHD) located in Eldorado, IL, recently announced a data breach that affected around 100,000 patients. EHD encountered a cyberattack on December 21, 2023, and although the forensic investigation is not yet finished, evidence shows that an unauthorized individual accessed folders on its network. Those folders contained files with patients’ protected health information (PHI) and worker data.

The compromised patient information included names, birth dates, medical data, and health insurance claims data. The breached employee information included names, driver’s license numbers/ other government-issued IDs, Social Security numbers, financial account information, and/or insurance details. EHD is still looking into the incident to find out the possibly impacted workers and patients and will mail notifications when that process is completed.

EHD implemented several steps to enhance security, which include creating new domain controllers, transferring the SMB network shares of the domain controllers to a dedicated virtual machine, limiting Sharepoint Server to internal access only, performing permission audits on shared folders, equipment installed with Sentinel One and Huntress, and using password protection on spreadsheets that have PHI.

Email Account Breach at McKenzie County Healthcare System

McKenzie County Healthcare System based in North Dakota has determined unauthorized access to the email account of an employee. The breach was discovered on or around October 5, 2023, and the forensic investigation revealed that an unauthorized person viewed a single email account between October 2 and October 5, 2023.

An evaluation was done of all emails and file attachments in the account. It revealed that the PHI of 21,000 individuals was exposed. The breached data included names, addresses, medical details, and medical insurance data. No proof was discovered that suggests the misuse of any of that information.

MOVEit Hack Impacts Forward Healthcare’s Business Associate

Forward Healthcare has stated that the PHI of 3,999 patients was exposed in a cyberattack on Philips Respironics, its business associate. On December 20, 2023, Philips Respironics informed Forward Healthcare that information was breached in a May 31, 2023, cyberattack that permitted access to its Care Orchestrator and Encore Anywhere applications, exploitation of a zero-day vulnerability in the MOVEit Transfer solution. The information likely stolen in the attack contained names, personal data, and medical data.

Email Account Exposed at Maryville Addiction Treatment Centers

Maryville Addiction Treatment Centers located in New Jersey have started announcing to 155,03 individuals concerning a breach of an employee email account. The security breach was noticed on or approximately August 22, 2023, and the forensic investigation confirmed the unauthorized access to the email account from August 21, 2023 to August 22, 2023.

The evaluation of the account affirmed the exposure of the following data: full names, medical treatment details, health insurance data, Social Security numbers, dates of birth, financial account details, and government identification. Maryville stated there are no clues that any compromised data was misused.

Cencora Announces Cyberattack with Data Exfiltration

The Fortune 500 pharmaceutical company, Cencora, mentioned in a filing with the Securities and Exchange Commission (SEC) that it had encountered an intrusion and data was stolen from its system. Cencora stated the attack did not have a material impact on its operations, however, it is quite early to tell if the incident will have any material effect on its financial situation.

Cencora mentioned it identified unauthorized activity inside its systems, took quick action to control the threat, and submitted an incident report to HIPAA law enforcement. Third-party cybersecurity specialists were called in to help in the investigation. Data extraction was established on February 21, 2024, nevertheless, there is still no announcement regarding the nature of the breached records.

California Department of State Hospitals Notifies Patients Regarding the SSN Breach

The State of California Department of State Hospitals Atascadero (DSH-A) has commenced advising selected patients concerning a security incident identified on February 15, 2024, that resulted in the exposure of Leave and Activity Balance (LAB) reports. The reports were given to DSH-A staff for timesheet approval and included confidential data like names and Social Security numbers. DSH has begun an investigation to determine if the reports were incorrectly accessed and plans to provide complimentary identity theft protection services to the affected persons. At this stage, it is uncertain how many people have been impacted.