FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. That investigation didn’t find any proof that indicates the purpose of the cyberattack was to misuse patient data; nevertheless, files that contain patients’ protected health information (PHI) were compromised and might have been accessed. FMC Services stated that during the issuance of notifications to impacted persons, there was no known case of identity theft or other data misuse resulting from the attack.
A thorough analysis of the compromised files affirmed that they included data such as names, dates of birth, mailing addresses, and Social Security numbers, and possibly other types of PHI. As a safety measure, impacted persons received a free membership to an identity theft monitoring service.
FMC Services mentioned that it takes cybersecurity very seriously and it works continuously to enhance security and stay protected against changing cyber threats. Due to this security breach, it will take appropriate actions to further strengthen its security posture. The security report was already submitted to the HHS’ Office for Civil Rights indicating that around 233,948 patients were affected.
Mail Service Vendor Ransomware Attack Affects Geisinger & Seattle Children’s Hospital
Geisinger Health System based in Danville, PA and Seattle Children’s Hospital based in Washington have reported that they were impacted by the ransomware attack on Kaye-Smith, their mail service provider.
Geisinger utilizes VisitPay’s online billing services. VisitPay utilizes the marketing company Kaye-Smith. At the end of May 2022, Kaye-Smith encountered a ransomware attack that made information in its systems inaccessible. After investigating the attack and performing a risk assessment, Kaye Smith confirmed that the attackers possibly viewed and acquired files with data made available by its clients for their marketing and communications promotions.
Geisinger and Seattle Children’s received notifications in September that their patients’ data were potentially compromised. Geisinger mentioned the potential exposure of names, addresses, payment installment plans, medical record numbers, and dates of service. Seattle Children’s mentioned that the breach affected names, addresses, names of providers, medical record numbers, consultation details, laboratory data, guarantor numbers, and the names of insurance providers.
Kaye Smith, Geisinger, and Seattle Children’s stated there was no case of patient data misuse reported resulting from the attack. Geisinger and Seattle Children’s, together with Kaye Smith, are making sure new safety measures are enforced to stop more security breaches. Kaye Smith has provided credit monitoring services to impacted people.
The breach report submitted to OCR indicates that the incident affected 2,857 Geisinger patients and 6,750 Seattle Children’s Hospital patients.
Malware Attack on Johnson Memorial Hospital
Johnson Memorial Hospital based in Stafford Springs, CT recently reported the exposure of the personal data and PHI of some of its patients because of a malware attack at the law agency, Reid and Riege in Hartford, CT.
The law agency discovered the data breach on March 21, 2022. Its investigation confirmed the unauthorized access to its systems from March 21 to March 27, 2022. It notified Johnson Memorial Hospital regarding the incident on May 27, 2022. However, the number of patients impacted or the types of data possibly exposed in the attack are uncertain.