Pension Benefit Information Reports Theft of PHI of 371,359 Persons in MOVEit Transfer Hack
Pension Benefit Information, LLC, also known as PBI Research Services (PBI), has lately reported the theft of the protected health information (PHI) of 371,359 persons by the Clop ransomware hackers during an attack exploiting a zero-day vulnerability identified in the MOVEit Transfer file transfer program on or about May 31, 2023.
PBI discovered the breach on June 2, 2023, and immediately applied the patch to correct the vulnerability. The forensic investigation showed that Clop hackers accessed one of PBI’s MOVEit Transfer servers from May 29 to May 30, 2023. The stolen files stolen contained names, incomplete mailing addresses, birth dates, and Social Security numbers. PBI stated it doesn’t know of any attempted or actual misuse of the stolen data; nevertheless, as a safety measure, impacted persons received two years of free credit monitoring and identity theft protection services. PBI began sending notifications to the impacted persons on June 4, 2023.
LockBit Ransomware Attack on Panorama Eyecare
Panorama Eyecare was added to the LockBit ransomware group data leak website. The ransomware group claims to have extracted 798 GB of data from the physician management organization based in Colorado. The stolen information includes data from Panama Eyecare’s clients Denver Eye Surgeons, Eye Center of Northern Colorado, 2020 Vision Center, and Cheyenne Eye Clinic & Surgery Center. There was no acknowledgment yet from Panorama Eyecare about the data breach and it is presently uncertain how much patient data was affected.
8Base Ransomware Group Leaks Kansas Medical Center Data
A physician-owned hospital known as Kansas Medical Center located in Andover, KS, was recently included in the 8Base ransomware group’s data leak site. The threat group states the attack happened on June 18, 203, and stole sensitive patient and worker information including names, registration details, addresses, and other data. Kansas Medical Center has made no public announcement about the attack and the number of affected patients is uncertain.
PHI of 168,000 Patients Exposed in Henry Ford Health Phishing Attack
Henry Ford Health based in Detroit, MI recently informed 168,000 patients about an unauthorized person gaining access to worker email accounts that held some of their PHI. A representative of Henry Ford Health stated the unauthorized access happened on March 30, 2023, due to employees responding to phishing emails. The company discovered the attack quickly and secured the accounts; nevertheless, access to patient information was probable. An evaluation of the email accounts showed on May 16, 2023, that they included these patient data: name, birth date, gender, age, phone number, internal tracking number/medical record number, laboratory results, procedure type, date(s) of service, and diagnosis. Henry Ford Health is employing extra security measures to secure against other email account breaches and supplemental training is given to employees.
2022 Malware Incident at IMX Medical Management Services
The medical consulting firm, IMX Medical Management Services based in Malvern, PA, recently announced that malware was discovered on a laptop that possibly permitted unauthorized persons to access the PHI of 7,594 persons. Based on the notification letters, the company detected the malware on September 1, 2022. The forensic investigation showed that the malware was present since June 2022. More malware indicators were likewise discovered on its system in October 2022.
IMX stated the malware was taken away and no more indicators of malware were found since October 2022. The late issuance of notifications was because of the substantial and complex evaluation of the impacted data. IMX stated the malware allowed access to email messages however attachments were not extracted. The exposed data contained names or other personal identifiers together with driver’s license numbers as well as other identification cards. Affected individuals received offers of identity theft protection services.
Storage Unit Bought at Auction Included Boxes of Patient Files
A storage unit that was just bought at an auction was found to contain over 200 boxes of patient documents. The unit was auctioned when no more rental payments were made. The buyer placed a blind bid for the unit and found the boxes of patient documents after buying the unit. The data was associated with patients of East Houston Medicine and Pediatric Center who got treatment from 2009 to 2019. The records contained data like names, driver’s license photos, Social Security numbers, medical backgrounds, and insurance details. The buyer is presently trying to request the healthcare provider to collect the files.
PHI Compromised in Mismailing Incident by Charles George VA Medical Center
Charles George VA Medical Center based in Asheville, NC, reported the exposure of the personal data of 1,541 veterans because of an email mismailing incident. The data compromise was discovered on May 12, 2023, and prompt action was taken to erase the emails that were not opened; nevertheless, the messages had been seen by three veterans. The emails have an attachment that included minimal PHI. Impacted persons were offered free identity theft protection and credit monitoring services.
Hackers Exfiltrated the Information of 1.2 Million Tampa General Hospital Patients
Tampa General Hospital recently reported that hackers acquired access to its system and stole data that include the PHI of around 1.2 million patients. The hospital detected a security breach on May 31, 2023 upon noticing suspicious activity within its system. The impacted systems were quickly taken off the internet to avoid continuing unauthorized access. A third-party digital forensics company investigated the occurrence to find out the nature and extent of the attack.
Based on the investigation, unauthorized persons got access to its system for three weeks from May 12 to May 30, 2023, at that time they extracted files that contain patient data. The data breached in the incident differed from one person to another and might have contained names, telephone numbers, addresses, birth dates, Social Security numbers, patient account numbers, health record numbers, dates of service, medical insurance data, and limited treatment details. Tampa General Hospital stated that the hackers failed to access its electronic medical record system.
Tampa General Hospital mentioned that this attack was an attempted ransomware attack. Although data theft happened, its security systems stopped the encryption of files. More technical security procedures are now put in place to stiffen its systems and stop more data breaches. Network monitoring was also improved to make sure that any potential security breaches are discovered quickly.
The hospital mailed notification letters to impacted persons as soon as contact details were confirmed. Tampa General Hospital stated that impacted persons will be provided free credit monitoring and identity theft protection services.