PHI Exposed at Millennium Eye Care and Duneland School Corporation Cyberattack

Millennium Eye Care Says Ransomware Gang Stole a Big Amount of Patient Data

A provider of ophthalmology services based in Freehold, NJ, Millennium Eye Care, announced on December 22, 2021, that hackers recently acquired access to its computer network and employed ransomware to encrypt files trying to extort money from the practice.

The breach notification letters did not mention when the attack happened, however, Millennium Eye Care stated that on November 14, 2021, it found out about the exfiltration of a large amount of data prior to encrypting files. The files obtained at the time of the attack consisted of a variety of protected health information (PHI) such as names and Social Security numbers.

Millennium Eye Care mentioned it has improved network security procedures to minimize the threat of further attacks and has offered extra cybersecurity training to the employees to help them to detect external attacks.

Affected people were informed by mail and were provided with information on the actions they can take to safeguard against identity theft and fraud. Identity theft protection services are being given at no cost and affected patients will likewise be covered by a $1,000,000 identity theft repayment policy.

The breach has been reported to authorities nevertheless has not yet shown up on the HHS’ Office for Civil Rights breach portal therefore it is currently not clear how many individuals were impacted.

Duneland School Corporation Cyberattack Reported

Duneland School Corporation based in Indiana has advised the HHS’ Office for Civil Rights concerning a recent cyberattack by which the protected health information of 7,000 persons was possibly affected.

The cyberattack was identified on October 27, 2021, and particular systems inside its computer system became unavailable. A third-party cybersecurity company investigated the incident and determined the nature and magnitude of the attack. The investigation confirmed that unauthorized people got access to areas of its network between October 21 and October 27, and those systems included the personal information of workers and information associated with its self-insured health plan, for instance, names, dates of birth, driver’s license numbers, Social Security numbers, and benefits details.

Duneland School Corporation states it has enforced more safeguards and technical security steps to avoid any more cyberattacks. Identity monitoring services are made available to present and former staff members, beneficiaries, and dependents, whose data were exposed.