Ransomware Attack Impacts 81,000 Patients of Howard University College of Dentistry

Howard University College of Dentistry found out on September 3, 2021, that unauthorized people had acquired access to its system and utilized ransomware for file encryption. The university announced soon after the attack that it was pressured to stop online and hybrid classes when its systems were repaired, and that a nationally known computer forensics company was called in to check out the incident to find out the scope of the attack and if sensitive data was accessed or compromised.

The university confirmed on September 24, 2021 that a system keeping the dental information of patients was compromised during the ransomware attack. There was no particular proof of unauthorized access or files exfiltration received, though dental records were encrypted. The encrypted information associated with dental appointments from October 5, 2019, to September 3, 2021, and included data like names, contact details, birth dates, dental record numbers, medical insurance details, dental history data, and Social Security numbers for some patients.

The university has sent notifications to all impacted patients through the mail and told them to keep track of their account statements for any indication of bogus activity and mentioned it has additionally improved its cybersecurity procedures to better secure against potential attacks and data breaches.

Howard University College of Dentistry lately sent the data breach report to the HHS’ Office for Civil Rights stating that up to 80,915 individuals were affected.

PHI of Great Plains Manufacturing Health Plan Members Impacted by Cyberattack

Great Plains Manufacturing located in Kansas has informed 4,110 workers that some of their protected health information (PHI) was possibly exposed due to a cyberattack that was identified on October 11, 2021.

The investigation affirmed that unauthorized persons first obtained access to its network on September 28, 2021, and got access until October 11, 2021, when the organization detected the breach and ejected the hackers from its network. An analysis of the compromised file server revealed on November 1, 2021, that the accessed files contained information including names, Social Security numbers, dates of birth, health insurance numbers, and members’ health plan choices.

The breach merely impacted personnel and their dependents who had coverage by the Great Plains Manufacturing, Inc. Employee’s Beneficiary Association Trust health plan. The company sent breach notifications to affected persons on December 1, 2021, and all impacted people were provided with 12 months of complimentary identity theft monitoring services.