Data Compromised Due to Insider Theft and Ransomware Attacks

Former Nursing Home Employee Accused of Defrauding Residents Out of $25,000

Anna Zur, 39 years old of Franklin Park, IL was a former employee in a nursing home accused of identity theft. She used the accounts of many nursing home residents for paying her bills.

Zur worked in the business office of a nursing care facility and took advantage of her data access rights and sent the personal and financial information of residents to her personal email account. She was charged with identity theft and using the residents’  accounts for buying products and services and paying her bills.

It took the Palos Heights Police Department a year to investigate cases of identity theft and fraud. After which, a warrant was issued for Zur’s arrest. On August 26, 2020, she was taken into custody. Her charges include felony counts of wire fraud and engaging in  financial crimes enterprise. There were 35 cases of identity theft linked to Zur and she was charged with defrauding people in the amount of $25,000.

Patient Data Theft Due to a Ransomware Attack on Ventura Orthopedics

A manual ransomware attack on the healthcare company Ventura Orthopedics in California resulted in the theft of patient information that was published on the internet. discovered the stolen data while investigating a new data leak site built by Conti-Ryuk ransomware operators. The stolen data was also discovered on a leak site run by the Maze ransomware operators.
The published information included the following patient information: names, birth dates, prescribed medicines, and laboratory test results. About 1,800 files were exposed online.

Ventura Orthopedics did not make any announcement about the ransomware attack as of this writing and the HHS’ Office for Civil Rights breach website has no published information yet. Hence, the number of affected persons is still uncertain at this time.

Magellan Health Ransomware Attack Impacted Comanche County Hospital Authority

Comanche County Hospital reported the compromise of the protected health information (PHI) of 1,112 persons due to a ransomware attack on Magellan Health, its pharmacy benefits vendor, last April 2020.

According to Magellan Health’s investigation, only some benefit plan members’ health data was compromised, which included names, addresses, medical insurance account details, payment, and treatment data. The Social Security numbers or financial data of plan members were not compromised.