PHI Breach in Sierra County, CA Cyberattack
Sierra County in California encountered a “sophisticated cyberattack” on or about February 21, 2023. Upon discovery of the breach on March 5, 2023, Sierra County secured its systems to avoid further unauthorized access. Third-party cybersecurity specialists investigated the incident. According to the investigation, the attackers got access to areas of the network that included data like names, addresses, birth dates, email addresses, telephone numbers, driver’s license or state ID numbers, Social Security numbers, medical/prescription or medical insurance-related data, drug or alcohol testing results, debit or credit card numbers, biometric information, or financial account/routing numbers. There was no evidence found that signifies actual or attempted data misuse. The Department of Public Health and Department of Behavioral Health mentioned that the protected health information (PHI) of 2,463 persons was exposed and possibly stolen in the attack.
Advarra, Inc. Email Account Breach
Integrated research compliance solutions provider, Advarra, Inc. based in Columbia, MD, detected unauthorized access to the email account of an employee on October 26, 2023. The account was deactivated right away. The forensic investigation affirmed that only one email account was affected by the breach, with the unauthorized access starting on October 25, 2023. The attacker stole data from the account including names and Social Security numbers. The breach report was already submitted to the Maine Attorney General indicating that 1,782 individuals were affected. There is no evidence found that indicates the misuse of the stolen information; nevertheless, as a safety measure, impacted persons were provided free credit monitoring services for two years and those persons are being urged to use those services.
Ransomware Attacks on Foursquare Healthcare and Hi-School Pharmacy
Foursquare Healthcare Ltd, based in Rockwall, TX offers short-term rehabilitation, skilled nursing, and long-term nursing care facilities. It recently reported a ransomware attack that was discovered on September 27, 2023. It was confirmed by forensic investigation that the attackers gained access to its system from September 27, 2023 to September 29, 2023, and stole several files that included employee and patient data. The data in the files differed from one person to another and included names together with at least one of these data: address, billing details, Social Security number, banking details, and clinical data concerning care given at its clinics.
The attack didn’t result in any material trouble to Foursquare care or services. There is no proof found that suggests the misuse of any of the stolen information for identity theft or scams. Foursquare stated it has received assurances that the stolen information was deleted. That typically, but not always indicates ransom payment. Foursquare stated it is convinced the incident is contained but it will still keep track of its systems for suspicious activity.
The breach report was recently submitted to the HHS’ Office for Civil Rights indicating that the PHI of 10,890 patients were affected. Foursquare has provided two years of free credit monitoring and identity theft protection services to the impacted persons. Although assurances were given that the stolen information was deleted, Foursquare informs the impacted patients and workers to be cautious against identity theft and fraudulence.
Hi-School Pharmacy Ransomware Attack
The drug store chain, Hi-School Pharmacy based in Vancouver, WA, has informed the Maine Attorney General regarding a data breach that has impacted 17,676 persons. Hi-School Pharmacy encountered a cyberattack on November 3, 2023, that triggered a network interruption. According to the forensic investigation, the attackers got access to its network that included PHI such as names and Social Security numbers. Hi-School Pharmacy sent notification letters to the impacted persons on November 5, 2023 and offered credit monitoring and identity theft protection services to the impacted persons.
606,000 Patients Affected by East River Medical Imaging Cyberattack
East River Medical Imaging located in New York sent notification letters to 605,809 patients about the potential exposure or theft of some of their PHI in a cyberattack that was discovered on September 20, 2023. The company took the network offline quickly and started a forensic investigation to identify the nature and extent of the attack. The investigation confirmed there was unauthorized access to its system from August 31, 2023 to September 20, 2023, and in that period, files comprising patient information were accessed and stolen from its system.
The breached data differed from one person to another and could have contained names, contact details, Social Security numbers, insurance data, exam and/or procedure data, referring doctor names, and/or imaging results. Employee information was likewise compromised, such as names, contact details, financial account data, driver’s license numbers and/or Social Security numbers.
East River Medical Imaging mentioned it has improved its network tracking capabilities and will still evaluate and supplement its security settings. Notification letters were sent by mail to the impacted people on November 22, 2023. Those whose driver’s license numbers and/or Social Security numbers were affected were provided free credit monitoring services.
Cyberattack on Fred Hutchinson Cancer Center
The Fred Hutchinson Cancer Center located in Seattle, WA, has reported that it discovered unauthorized network activity on its clinical system during the week of Thanksgiving. The ongoing investigation of the incident has no clear information yet regarding the compromise of patient data. The system was taken off the internet after 72 hours of discovering the security incident. Until now, the clinical system is still offline. The MyChart online patient website and its research system were not affected. Patient care is still provided to patients and employees are working 24 / 7 to take care of the problem and restore systems online. There is no time frame given regarding this process.
Some patients have said they received threatening email messages from the attackers. The emails mentioned the theft of 800,000 patients’ information in the attack and their stolen data will be released on the dark web when patients fail to pay to have their data removed. The letters demand a $50 payment to have their data deleted. The attackers asked for individual ransom demands because The Fred Hutchinson Cancer Center declined to pay the ransom.
Other hospitals were attacked during Thanksgiving. A few hospitals managed by Ardent Health Services were impacted by a ransomware attack and were compelled to call off appointments and reroute ambulances.