Hacking Incidents Reported by Retinal Consultants Medical Group, Three Rivers Regional Commission, & ACE Surgical Supply

Three Rivers Regional Commission, Retinal Consultants Medical Group, and ACE Surgical Supply have recently reported cyberattacks whereby unauthorized individuals may have obtained the protected health information (PHI) of patients.

11,603 Retinal Consultants Medical Group Patients Affected by Hacking Incident

Vitreo-Retinal Medical Group Inc., dba Retinal Consultants Medical Group, states it encountered a sophisticated cyberattack that was discovered on or around July 12, 2021 and resulted in a service disruption.

Vitreo-Retinal Medical Group hired third-party cybersecurity specialists to help re-establish its systems and inspect the nature and magnitude of the attack. Although the investigation confirmed that unauthorized people had acquired access to its computer network, it did not say if the unauthorized individual accessed or exfiltrated any PHI. No report was obtained that suggests actual or attempted patient data misuse.

A thorough manual and programmatic evaluation of the affected systems affirmed the potential compromise of the following types of sensitive information: name, address, date of birth, medical problem or treatment details, medical record number, patient account number, diagnosis code, Medicaid/Medicare data, name of treating physician, health insurance details, and username/password. The Social Security numbers of a limited number of patients were also kept on the impacted systems.

Vitreo-Retinal Medical Group reports that third-party cybersecurity specialists were helping with the analysis of its security systems and extra measures will be put in place, as needed, to enhance data security.

The medical group sent notifications to the affected persons starting on November 9, 2021, and complimentary credit monitoring services were given where necessary.

2,000 Patients Impacted by Three Rivers Regional Commission Ransomware Attack

The regional planning organization located in Griffin, GA, Three Rivers Regional Commission, has found out that unauthorized persons may have obtained the PHI of about 2,000 people due to a ransomware attack.

The attack was discovered on July 20, 2021, when staff members could not access its computer systems. Third-party cybersecurity professionals assisted Three Rivers Regional Commission to find out whether the attacker acquired access to its systems between July 18, 2021 and July 20, 2021 and prior to deploying ransomware, exfiltrated files that contain sensitive records.

The forensic investigation is not yet over and breach notification letters will be sent to the impacted persons upon identification of their identities and contact data. At this period, these types of details are considered to have been exfiltrated in the attack: Name, Social Security number, address, driver’s license number, and medical data, such as diagnosis and treatment details, lab test results, medicines, and Medicare/Medicaid ID numbers.

Three Rivers Regional Commission stated it is using extra administrative and technical safeguards to safeguard the records in its systems.

Cyberattack on ACE Surgical Supply Affects 12,122 People

ACE Surgical Supply based in Brockton, MA has learned that an unauthorized person has accessed its IT environment and may have viewed or acquired the protected health information of 12,122 people.

The attacker accessed its IT systems on June 29, 2021. The breach was identified the same day. The investigation affirmed that the impacted systems held personal information as well as financial account numbers, debit/credit card data, and details that could possibly permit account access.

ACE Surgical Supply mentioned affected persons were provided two-year credit monitoring and identity theft protection services for free.