Retina Group of Washington, Pan-American Life Insurance Group, Bellin Health, and Clay County, Minnesota Encounter Cyberattack

456,000 Patients Affected by Retina Group of Washington Data Breach

About 456,000 people were impacted by the data breach on Retina Group of Washington and have begun getting notification letters, 9 months after the occurrence of the breach.

On December 22, 2023, Retina Group of Washington, PLLC, submitted a breach report to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) indicating that the protected health information (PHI) of 455,935 people were affected. On the same day, the group began mailing notification letters.

The notification letters mentioned that on March 26, 2023, Retina Group of Washington began having problems accessing data on parts of its systems. After doing some investigation, the group notified the Federal Bureau of Investigation (FBI). It was confirmed that the problem in accessing files was because of a cyberattack.

There was no mention of the cause of the cyberattack, but the wording that Retina Group of Washington used in the notification letters suggests a ransomware attack. The investigation into the cyberattack is not yet over, however, the theft of patient data in the attack has been confirmed.

The types of data stolen include names, addresses, phone numbers, birth dates, email addresses, demographic data, driver’s license numbers, Social Security numbers, medical record numbers, medical data, payment details, and medical insurance data.

Retina Group of Washington stated there was no attempted or actual patient data misuse identified. Additional security procedures will be implemented to reinforce systems security.

According to the breach notifications, no credit monitoring and identity theft protection services are being provided. Impacted patients were advised to stay cautious against incidents of identity theft and fraud, to check their explanation of benefits and account statements, and to watch out for suspicious activity in their free credit reports and to identify issues. Retina Group of Washington likewise recommends putting their accounts on a credit freeze.

105,000-Record Data Breach at Pan-American Life Insurance Group

Pan-American Life Insurance Group, Inc. (PALIG) recently reported an attack by the Clop hacking group, which took advantage of a zero-day vulnerability found in the MOVEit Transfer file transfer solution of Progress Software at the end of May 2023.

Progress Software informed PALIG concerning the vulnerability and instantly deactivated the software until it applied the patch. The patch was implemented, and steps were undertaken to enhance systems security. Concurrently, PALIG started an investigation to find out if the vulnerability was exploited, and that turned out to be the situation. On October 5, 2023, PALIG confirmed the theft of files from the MOVEit server. The stolen files contained the PHI of 105,387 people, such as names, addresses, birth dates, driver’s license numbers, Social Security numbers, contact data, subscriber numbers, medical and medical benefits details, some biometric information, and credit card and financial account details.

PALIG has already informed the affected people and has provided free credit monitoring services. PALIG also took steps to further strengthen security and make sure that third-party transfer tools are secure.

Bellin Health Informs Patients Concerning the October Cyberattack

Bellin Health recently reported unauthorized access by a third party to its internal systems. Some data of patients who bought home care equipment from 2006 to 2013 may have been accessed or stolen. On October 27, 2023, unauthorized activity was discovered in its computer systems. Its IT security staff promptly took action to control the activity and started an investigation to find out the nature and extent of the unauthorized incident.

Third-party cybersecurity specialists of Bellin Health confirmed that a cyber actor acquired access to a folder that contains archived scanned files that included patient names along with at least one of these data: address, telephone number, birth date, and/or medical data associated with home care devices. A small number of files likewise included Social Security numbers.

Bellin Health stated it has toughened system security and will proceed with the investigation of cybersecurity. The breach report was submitted to the HHS’ Office for Civil Rights as impacting 20,790 people. Patients who had their Social Security numbers compromised were provided free credit monitoring and identity theft protection services.

Ransomware Attack on Clay County, Minnesota

Clay County based in Minnesota reported on December 22, 2023 a ransomware attack that happened in October. On October 27, 2023, the unauthorized activity was discovered in its electronic document management system. Based on the forensic investigation, there was unauthorized access from October 23, 2023 to October 26, 2023, and ransomware was employed for file encryption.

The investigation affirmed that access was acquired to names along with at least one of these data: address, birth date, Social Security number, data about services offered by Clay County Social Services (service location, dates of service, client ID number or unique identifier), insurance ID number, and insurance or billing data.

Clay County officers mentioned it had taken action to enhance security, such as using multifactor authentication for remote access to the breached CaseWorks app, changing processes for vendors getting external access, implementing tools to improve recognition and speed up the response to cyber occurrences, and applying improved technical security procedures for the CaseWorks app.

The HHS’ Office for Civil Rights breach portal has not shown the incident report yet. The number of people affected by the breach is still unclear.