Data Breaches at One Brooklyn Health System and Mena Regional Health System

One Brooklyn Health System is presently handling a cyberattack that has prompted interruption at its three hospitals – Brookdale Hospital Medical Center, Kingsbrook Jewish Medical Center, and Interfaith Medical Center. Not much information was published concerning the attack to date, which is thought to have happened on or prior to November 19. The health system shut down its system on this date and stayed offline for over one week.

The New York Post announced that the cyberattack has kept hospital personnel from being able to access the electronic medical record system, therefore patient data was recorded with the use of pen and paper and the hospitals adopted emergency protocols. It was decided to redirect ambulances to other hospitals, even though contact with other hospitals in the community seems to be non-available. The health system likewise reportedly didn’t inform New York Fire Department ambulance services that it will send its emergency cases to alternate hospitals.

The hospital has involved third-party specialists to help look into the nature and extent of the cyberattack and to help with restoring IT systems on the internet. Some systems are actually accessible online and there is restricted access to its electronic medical record system as well as some other medical software. One Brooklyn Health released a statement stating that the security breach did not affect patient care and although ambulances were redirected, appointments were not canceled. At this period of the breach response, it’s still early to say whether patient data was affected and to what extent.

More or Less 85,000 Patients Affected by Mena Regional Health System Breach

Mena Regional Health System (MRHS) based in Arkansas reported on November 22, 2022, the access and exfiltration of files with 84,814 patients’ protected health information (PHI) by an unauthorized third party.

MRHS didn’t mention in its substitute breach notice the date of the initial network access by the hacker. However, the intrusion was identified on November 8, 2022. According to the investigation, files were extracted from its system over a year ago, on or about October 30, 2021. MRHS offered no clarification regarding why it took a long time to identify the breach.

The analysis of the files affirmed the includion of complete names, birth dates, Social Security numbers, government ID numbers/driver’s license, financial account details, health record/patient account numbers, medical diagnosis/treatment data, medical company names, laboratory results, prescription data, and medical insurance information.

MRHS stated it did not know of any actual or attempted patient data misuse and that as a safety precaution, it sent notification letters to impacted persons. That process started on November 22, 2022. Those who had their Social Security numbers exposed received free credit monitoring services. Security processes are under review and will be modified to protect the privacy and security of patient data.