Southwest Louisiana Health Care System, Inc. recently announced the compromise of the protected health information (PHI) of approximately 269,752 Lake Charles Memorial Health System patients. The Louisiana healthcare system’s security team detected suspicious activity on October 21, 2022 and took steps to deal with the occurrence and look into the potential breach. It was confirmed on October 25 that an unauthorized entity got access to the system. The forensic investigators stated that the attack began on October 20 to October 21, 2022 and the attackers stole patient records from the system.
The analysis of the extracted files confirmed they included data such as names, addresses, birth dates, patient ID numbers, medical record numbers, medical insurance data, payment details, and limited clinical data. A number of Social Security numbers were likewise breached. The health system sent breach notification letters to impacted persons on December 23, 2022, and offered free credit monitoring and identity theft protection services to those who had their Social Security numbers exposed.
Southwest Louisiana Health Care System didn’t reveal the precise method of the cyberattack, however, the Hive ransomware group professed to be behind the attack. Although Hive is well-known for employing ransomware for file encryption, the group claims to have only extracted patient records. It did not encrypt the files and issued a ransom demand asking for payment to make sure to delete the stolen information. Payment doesn’t seem to have been given because the Hive group began leaking the stolen information last month.
FoundCare Email Account Breach Affects 14,000 Patients
The federally qualified health center known as FoundCare Inc. based in Palm Springs, FL has reported that unauthorized persons have acquired access to its email account and possibly viewed or acquired email messages and files containing the PHI of 14,194 patients.
The health center detected suspicious activity in its email account on September 2, 2022, and engaged a third-party digital forensics agency to investigate. FoundCare stated it confirmed on October 18, 2022, that the breached files contained patient information. The analysis of those records and checking of patient contact details were done. Currently, FoundCare is sending notification letters to the impacted persons. Information compromised during the cyberattack included the following: names, dates of birth, email addresses, addresses, Social Security numbers, credit card numbers, passport numbers, other government ID numbers, medical insurance details, health conditions, internal patient identifiers, diagnoses, and treatment data. FoundCare mentioned that most of the affected persons only had minimal medical data compromised.
FoundCare has applied the following extra security procedures because of the breach:
- using multifactor authentication for all end users
- stopping basic authentication steps
- including an alert to all emails coming from new email addresses
- giving employees regular phishing awareness training