Illinois Gastroenterology Group recently announced that unauthorized individuals gained access to its computer environment and possibly accessed and exfiltrated sensitive patient data. The group detected the cyberattack on October 22, 2021, after suspicious activity was identified inside its computer network.
Third-party cybersecurity professionals were engaged to investigate the attack and determine the nature and scope of the incident. On November 18, 2021, Illinois Gastroenterology discovered that the parts of its systems accessed by the unauthorized individuals contained patient data such as names, addresses, birth dates, passport numbers, driver’s license numbers, Social Security numbers, financial account details, payment card data, employer-assigned identification numbers, medical details, and biometric information.
Illinois Gastroenterology stated that it was not possible to rule out unauthorized viewing or theft of files that contain patient records. However, at the time of issuing notification letters, no reports had been received that suggest any fraudulent misuse of the breached information. The evaluation of the affected files was completed on March 22, 2022, and notification letters have now been mailed to impacted persons.
In response to the breach, policies and procedures associated with network security were reviewed and improved, the implementation of a better managed Security Operations Center was accelerated, and multi-factor authentication was put in place. Although the security breach wasn’t confirmed as involving ransomware, Illinois Gastroenterology said it deployed a new endpoint detection and response platform that has policies enabled specifically for ransomware.
The data breach was recently reported to the HHS’ Office for Civil Rights as affecting approximately 227,943 individuals.
Data of Mental Health Center of Greater Manchester Patients Exposed
The Mental Health Center of Greater Manchester (MHCGM), based in New Hampshire, announced that patient information was likely exposed in a cyberattack at the Center for Life Management (CLM), a third-party community mental health services partner that it used for data storage.
On February 21, 2022, an unauthorized individual accessed CLM’s systems. CLM discovered the cyberattack on February 23, 2022, and immediately secured its systems to stop further unauthorized access. The breach only affected CLM’s systems and the security of MHCGM’s systems was not impacted.
CLM investigated the incident and confirmed on April 11, 2022, that the attackers possibly viewed and copied files containing patient data, including names, addresses, dates of birth, Social Security numbers, diagnoses, medical details, discharge data, and treatment locations and/or healthcare organizations.
No evidence was found indicating that unauthorized individuals viewed or obtained any specific data as a result of the attack; nevertheless, affected persons were offered a year of complimentary credit monitoring. MHCGM stated that it no longer uses CLM for data storage and is removing all of its information from CLM’s systems.
The HHS’ Office for Civil Rights breach website shows that 1,322 MHCGM patients were impacted.