Hospital, Pharmacy, and Dental Practice Report Hacking Incidents Impacting More Than 355,000 Patients

A hacker acquired access to BioPlus Specialty Pharmacy Services, an IT network based in Altamonte Springs, FL. Files containing sensitive patient data had been accessed by the attacker. The pharmacy detected the intrusion on November 11, 2021, and took immediate steps to take out the hacker from its system. A third-party computer forensics company helped BioPlus to confirm the compromise of its IT environment on October 25, 2021, and removed the attacker from its systems on November 11.

The investigation affirmed that the hacker accessed files that contain the protected health information (PHI) of selected patients, however, it was not possible to eliminate the probability that the hacker viewed the PHI of all its patients. The decision was hence taken to alert all 350,000 present and former patients concerning the breach.

The files accessed by the attacker contained patient names, dates of birth, addresses, medical record numbers, existing/past health plan member ID numbers, claims data, diagnoses, and/or prescription details. A number of patients likewise had their Social Security number exposed. The issuance of notification letters started on December 10, 2021. Individuals whose Social Security numbers were compromised were provided no-cost credit monitoring and identity protection services. BioPlus stated it has put in place extra safeguards to avoid similar breaches later on.

Capital Region Medical Center IT Systems Still Not Accessible a Week After Cyberattack

Capital Region Medical Center (CMRC) located in Jefferson City, MO, has confirmed it encountered a cyberattack that resulted in the shutdown of its network and phone systems. The cyberattack was discovered on December 17, 2021, and its online and telephone systems remain offline. The medical center is employing its downtime procedures and patients can visit, but a number of appointments were canceled. The cyberattack has additionally affected the pharmacies of the Capital Region.

The Capital Region information security staff is working diligently to bring back its systems online as fast, and securely, as possible. The health and safety of its patients are regarded as very important and treatment to patients will be given as expected. There are downtime protocols in place for physicians, nurses, and personnel to provide care in these types of situations, and its employees are dedicated to doing everything they can to minimize disruption and give uninterrupted care to its patients.

5,356 People Affected by Weddell Pediatric Dental Specialists Data Breach

Weddell Pediatric Dental Specialists based in Carmel, IN, has started sending notifications to 5,356 people that an unauthorized individual obtained access to a worker’s email account that included their protected health information (PHI).

The email account breach was noticed on July 23, 2021, and the account was promptly secured. Aided by third-party cybersecurity experts, the dental practice established that the breach only impacted one employee email account. The review and evaluation of emails and file attachments in the account were finished on October 27, 2021, and confirmed the account comprised patient names, together with one or more of the following data elements: date of birth, health diagnosis, medical treatment details, financial account data and in certain instances Social Security numbers.

Persons whose Social Security number had been exposed were offered complimentary credit monitoring services for 12 months. Weddell Pediatric Dental Specialists stated no information indicated the misuse of any patient information.