Dickinson County Health, Passavant Memorial Homes Security and Michigan Medicine’s Security Breach

Dickinson County Health in Michigan has experienced a malware attack that has pushed its EHR system offline. The attack has compelled the health system to undertake EHR downtime procedures and log patient information using pen and paper. The malware attack started on October 17, 2020 and disrupted computer systems at all its Wisconsin and Michigan clinics and hospitals.

Systems were de-activated to control the malware and third-party security specialists were engaged to look into the breach and reestablish its systems and information. Although the attack brought about substantial disruption, almost all patient services continued to be completely operational. It is presently not clear if the attackers accessed or stole patient data.

DCHS CEO Chuck Nelson said that the matter is given the highest priority. Industry best practices and serious safety methods are being implemented. During the investigation, the company maintained high standards for patient care throughout their system.

25,000 People Likely Impacted by Passavant Memorial Homes Security Breach

Passavant Memorial Homes Family of Services (PMHFOS) in Pennsylvania provides support services for people with intellectual handicaps, autism, and behavioral health care. A security breach occurred at PMHFOS and the protected health information (PHI) of its clients was potentially compromised.

The security breach occurred on August 15, 2020. Using the contact form on the PMHFOS website, an unauthorized individual sent a message to an authorized user saying that his/her username and password was obtained and allowed systems access. The message alerted PMHFOS about the vulnerability and the individual maintained there was no malicious action taken.

A third-party computer forensics expert investigated the breach and confirmed there was no malware installed and no files was encrypted; nonetheless, it was impossible to know whether there was any individually identifiable information viewed or exfiltrated. Scans were performed on the dark web to figure out if any client records were released, however there was no information. A examination of the accessed systems revealed they included the PHI of 25,000 persons.

Because of the breach, PMHFOS deactivated the compromised account, conducted a system-wide password reset, offered more security awareness training to workers, and updated its network security steps. PMHFOS also implemented two-factor authentication. The authorities and PMHFOS’ cyber insurance provider already received a breach notification.

Email Addresses of Michigan Medicine Patients Exposed Due to Email Error

Michigan Medicine in Ann Arbor-M has began sending notifications to 1,062 patients about the potential access of their names, email addresses, and some health data by unauthorized individuals.

Michigan Medicine communicated an email communication in late September to patients telling them regarding a case of Inflammatory bowel Disease. But, Michigan Medicine did not add the patients’ email address on the blind carbon copy (BCC) field and could as a result be viewed by all other individuals on the mailing list.

The email did not include highly sensitive details, although it may still be probable to establish the names of patients from their email addresses plus the email identified patients as struggling against inflammatory bowel disease.

Upon discovery of the email error, Michigan Medicine sent individual notifications to all people on their records informing them regarding the mistake and telling them to delete the initial email. Letters were likewise sent to affected individuals on October 16. Michigan Medicine has now changed its procedures for sending emails to avoid identical mistakes later on.