Phishing Attack on SouthEast Eye Specialist Group and Ransomware Attack on btyDental

A recent phishing attack on SouthEast Eye Specialist (SEES) Group located in Franklin, TN resulted in the exposure of some protected health information (PHI) of 13,000 patients.

The SEES Group’s substitute breach notice did not clearly say when the phishing attack took place. However, on November 1, 2019, SEES Group confirmed that unknown persons accessed the patient information contained in the email accounts.

SEES Group discovered the breach because the IT department found suspicious activity in the email accounts of some employees. A third-party computer forensics firm investigated the incident to ascertain if the emails or file attachments contained patient data that the attackers potentially viewed or copied.

The investigators found no proof that indicates unauthorized persons accessed the patient information. However, the possibility of patient data compromise cannot be ruled out.

A meticulous analysis of all email messages in the compromised accounts showed they included data on patients such as names, treatment details, and Social Security numbers.

SEES Group is currently looking at its policies and procedures on information security and will improve email security to stop identical occurrences in the future.

Ransomware Attack on btyDental

A ransomware attack on btyDental, which is a network of dental practices located in Anchorage, AK, resulted in the potential compromise of some PHI of 2,008 patients.

The attackers deployed ransomware on some of its servers some time on November 17, 2019. The names and X-ray images of patients are stored in the servers. Other patient PHI is stored in systems that were not affected by the attack.

btyDental immediately implemented steps to recover the compromised servers. Third-party IT experts helped with the investigation and found no evidence that indicates the access or download of any patient images by the attackers.

The security policies and procedures of btyDental have been reviewed. Steps are being undertaken to avoid the occurrence of similar attacks in the future and will keep on monitoring system security and update measures as necessary.