Hackers potentially obtained the protected health information (PHI) of more than 650,000 patients of Community Medical Centers (CMC) based in California.
CMC is a not-for-profit network of community health centers that serve patients in the Solano, San Joaquin, and Yolo counties in Northern California. CMC noticed suspicious activity in its computer systems on October 10, 2021, and de-activated its systems to stop further unauthorized access. An investigation was begun to know the nature and magnitude of the breach, with support provided by third-party cybersecurity specialists.
The forensic investigation affirmed that unauthorized people had obtained access to areas of its network where protected health information was saved, which include first and last names, dates of birth, mailing addresses, Social Security numbers, medical data, and demographic details.
Because of the sensitive nature of the compromised data, CMC is giving complimentary identity theft protection, identity theft resolution, and credit monitoring services to affected persons. CMC mentioned it has affirmed its systems are now secure, policies and protocols have been evaluated and updated to enhance security, and information management policies were examined and updated.
CMC has notified law enforcement about the breach, including the appropriate state attorneys general and the Department of Health and Human Services.
The breach report sent to the Maine attorney general states that the PHI of 656,047 people were possibly exposed.
Professional Healthcare Management Suffers Ransomware Attack
Professional Healthcare Management (PMH) has started sending notifications to some patients regarding the potential compromise of some of their PHI in a ransomware attack that happened in September 2021.
PMH discovered the attack on September 14 and quickly took action to secure its servers and workstations. Third-party cybersecurity and incident response professionals helped PMH to promptly protect and reestablish its networks and operations. The healthcare provider conducted an investigation to find out the nature and extent of the breach and confirmed that hackers potentially obtained the personal data and PHI of patients.
The breach investigation is ongoing however, at this point, no evidence of patient data theft or misuse has been identified; nevertheless, notification letters are currently being delivered to impacted persons and the incident report was sent to the HHS’ Office for Civil Rights.
PMH said the following types of patient information were likely compromised: Social Security numbers, first and last names, health insurance details (Medicaid number, Medicare number, and insurance identification number), diagnosis code(s), and prescription name(s).
Further safeguards are being put in place to enhance IT security, cybersecurity guidelines, and protocols are being modified, and extra cybersecurity training was given to the employees.