Seven Healthcare Providers Report Data Breach Due to Cyberattacks

Fortra GoAnywhere Hack Impacts Intellihartx

The payment and collections service provider based in Tennessee, Intellihartx, lately reported the theft of the personal and health data of 489,830 persons due to a hacking and extortion attack. At the end of January and beginning of February 2023, the Clop ransomware group gained access to the information of around 130 firms by exploiting a zero-day vulnerability found in Fortra’s GoAnywhere MFT. Although Clop frequently makes use of ransomware for file encryption, the group only conducted theft and extortion of data and issued demands for payment to stop the public exposure of the stolen information.

Intellihartx discovered that it was impacted by the breach on February 2, 2023, and started an investigation to find out the extent of the breach. Initial results were received on March 24 that suggested the potential theft of sensitive information, and information owners got notifications on April 11, 2023. The detailed analysis of the impacted files affirmed on May 10, 2023 the compromise of the protected health information (PHI). The evaluation was done on May 19, 2023.

Intellihartx’s evaluation of the files extracted by Clop confirmed they included data like patient names, birth dates, addresses, diagnoses, prescription drugs, insurance details, billing data, and Social Security numbers. Intellihartx stated it restored the file transfer program and integrated extra security procedures to avoid the same breaches later on and has already informed impacted individuals and provided them with free membership to credit monitoring services.

Cyberattack Affects Petaluma Health Center Patients

Petaluma Health Center located in California has issued notification letters to present and past patients telling them about the potential stealing of some of their PHI. The health center detected a network security incident and immediately blocked it on March 14, 2023. The forensic investigation didn’t get any proof that suggests theft and improper use of patient data. Nevertheless, data theft be eliminated.

The files likely stolen during the attack contained first and last names, addresses, birth dates, Social Security numbers, medical data, and health data, with the impacted data differing from one person to another. Security was remarkable to avoid the same breaches later on and impacted persons seem to have been provided free single-bureau credit monitoring services.

The number of individuals that were affected by the breach is still uncertain.

North Shore Medical Labs Patients Affected by Cyberattack and Data Theft

The clinical reference lab in Williston Park, NY, North Shore Medical Labs, began informing patients that some of their PHI were compromised in a data security incident discovered on March 29, 2023. According to the investigation on May 12, 2023, files were likely viewed and stolen that included names, dates of birth, and medical lab data.

A malicious actor initially acquired access to its networks on December 22, 2022. The laboratory blocked access on March 31, 2023. It was confirmed by the forensic investigation that files were extracted from its network from March 17 to March 31. North Shore Medical Labs stated it did not receive any report of patient data misuse because of the incident. Data security policies and training practices were audited and security measures and monitoring software were improved to minimize any risk linked to the incident and to stop more security problems down the road.

The data breach report submitted to the HHS Office for Civil Rights indicated that 500 persons were affected. That is only a placeholder employed to satisfy reporting prerequisites until the complete scope of the breach is available.

Alvaria Ransomware Attack Affects Shasta Community Health Center

Shasta Community Health Center located in Redding, CA lately reported the compromise of patient information due to a ransomware attack on Alvaria, Inc., its business associate. Based on the breach notice, there was a sophisticated ransomware attack on Alvaria on March 9, 2023, that affected a portion of the network that included clients’ workforce management and outbound dialer information.

Based on the notification letter, the attack happened on March 9, 2023, and was immediately remediated, with information recovered from backup files. The analysis affirmed that the exposed information contained names, addresses, telephone numbers, and associated healthcare company names. Alvaria mentioned in the breach notification letters that immediately after making the network secure, more safety measures were enforced to additionally boost system security. Affected individuals received credit monitoring services.

Alvaria affirmed in February that it encountered a Hive ransomware attack last November 2022. It is not clear whether the two incidents are connected.

Summit Eye & Optical Suffers a Data Breach

Summit Eye & Optical located in Summit, NJ lately affirmed that an unauthorized person acquired access to its system and possibly accessed or acquired the PHI of 5,727 patients. The provider discovered the breach on March 4, 2023, and sent notifications to impacted persons on May 18, 2023.

Summit Eye & Optical affirmed that the data likely compromised in the cyberattack contained complete names, addresses, medical backgrounds, treatment details, and other personal data. The provider evaluated its internal data management and practices and improved its security to stop the same incidents later on. Affected individuals received free identity theft protection services.

Unauthorized Email Access Incident at Sparta Community Hospital District

Sparta Community Hospital District based in Illinois has reported the exposure and potential theft of the PHI of around 900 patients by an unauthorized person who accessed the email account of an employee between March 27, 2023 and March 28, 2023.

The hospital district discovered the breach on March 28 and quickly secured the account. The analysis of the account on April 12, 2023 revealed that it included patient data like names, addresses, telephone numbers, birth dates, medical record numbers, names of physicians, health diagnoses, and limited treatment data. There was no financial data nor Social Security numbers compromised.

Mission Community Hospital Cyberattack

Mission Community Hospital located in California is looking into a cyberattack that happened on April 29, 2023. It is claimed by the RansomHouse threat group that it launched the attack on the San Fernando Valley acute care hospital and it boasted of having exfiltrated over 2.5 terabytes of data. A portion of the stolen data was published on its data leak website. The leaked information consists of medical imaging records, employee information, and financial data.

The hospital discovered the ransomware attack on May 1 when checking out a hardware malfunction and discovered proof of an attack that took advantage of vulnerabilities in its system and VMware environments. It is not yet confirmed the amount of accessed or stolen data.