Patient Data Exposed in Ransomware Attacks on Family Christian Health Center & Jackson County Hospital

Family Christian Health Center (FCHC) based in Illinois has reported experiencing a ransomware attack last November 2021 that led to the breach of the protected health information (PHI) of 31,000 patients. The ransomware attack was discovered on November 30, 2021, and the investigation affirmed that the hackers initially acquired access to its IT systems on or approximately November 18, 2021.

The attackers breached FCHC’s old dental system that held the PHI of individuals who had gotten dental services before August 31, 2020. The system stored the patients’ names, dates of birth, driver’s license numbers, insurance card numbers, and duplicates of patients’ driver’s licenses and insurance cards. FCHC stated details regarding the dental care delivered, Social Security numbers, and credit card numbers of impacted dental patients were not exposed. The PHI of non-dental patients who got medical services in the period of December 5, 2016 to August 31, 2020, was likewise exposed. The information included names, addresses, birthdates, insurance identification numbers, and Social Security numbers.

FCHC and third-party IT companies worked jointly to check the breach. A forensic specialist was involved to know how the attackers obtained access to the network and to propose extra security options to stop more attacks. FCHC mentioned it has executed supplemental technical safeguards.

Patient Information Likely Exposed in Jackson County Hospital Attack

Jackson County Hospital located in Florida lately reported that unauthorized persons got access to selected systems inside its system and likely viewed or acquired the personal and health data of a number of patients. The security breach was noticed on or about January 9, 2022, when a number of systems became unavailable.

Third-party forensic professionals looked into the cyberattack and confirmed the exfiltration of limited patient data from its systems, such as names, addresses, dates of birth, phone numbers, Social Security numbers, healthcare histories, medical disorders/treatment details, patient account numbers, medical record numbers, diagnosis codes, Medicaid/Medicare numbers, financial account data, and usernames/passwords. At this point, Jackson County Hospital didn’t get any proof that indicates there was improper use of patient information nevertheless affected patients were cautioned to be wary and to examine their account statements and explanation of benefits statements for clues of fraudulent transactions.

Jackson County Hospital stated the cyber attack investigation is continuing and steps are being undertaken to boost security. Existing guidelines and procedures are being looked over and more administrative and technical safety measures will be applied to further safeguard the data in its systems.

The breach was reported to the HHS’ Office for Civil Rights however it’s not yet displayed on the breach site, thus it is still not clear how many people were impacted.