Logan Health Medical Center located in Kalispell, MT has recently commenced informing a number of patients that hackers obtained access to a file server that contained patient files in a highly sophisticated criminal attack.
The medical center noticed the security breach of its information technology systems on November 22, 2021. The initial investigation confirmed that a hacker had breached its security defenses. Third-party forensic investigators were called in to carry out an investigation to know the nature and scope of the attack. On January 5, 2022, it was established that some files on its systems that included patient records were viewed.
The breach was confined to a single file server and its electronic medical records were not breached. An assessment of the files on the breached server pointed out they comprised patient data such as names, addresses, dates of birth, email addresses, telephone numbers, medical record numbers, insurance claim details, date(s) of service, treating/referring physician, medical bill account number, and/or medical insurance data. The types of details discovered in the compromised files were different from patient to patient.
Logan Health Medical Center mentioned no information was discovered that shows any data on the breached server was misused; nonetheless, as a preventative measure, affected people were given complimentary credit monitoring and identity protection services with Kroll. Logan Health Medical Center stated it has actually put in place more security measures to strengthen its systems.
The breach has not yet shown up on the HHS’ Office for Civil Rights Breach site, however, the report filed with the Maine Attorney General reveals the protected health information (PHI) of approximately 213,543 persons was likely compromised.
NHS Management Warns Patients Concerning May 2021 Cyberattack
NHS Management based in Tuscaloosa, AL operates 50 long-term rehabilitation facilities in Arkansas, Alabama, Missouri, and Florida, announced a data breach last month that was uncovered in May 2021. NHS Management explained in its breach notification letters that it suffered a sophisticated cyberattack, however, there was no ransomware mentioned. NHS Management claimed the incident impacted the performance of a number of systems and it worked swiftly to re-establish access. The attack did not affect the quality of patient care. NHS mentioned a third-party team of security experts was pulled together to investigate the attack and figure out the nature and magnitude of the incident and the investigation is continuing.
The incident report was submitted to the HHS’ Office for Civil Rights on October 29, 2021 indicating that 501 people were affected. This looks like a placeholder to meet the HIPAA breach reporting conditions until all information concerning the breach is available. NHS Management stated in its breach notification letters that the attack investigation is still ongoing and the range and extent of compromised records is still uncertain as a result of the amount and complexity of the data involved. At this point of the investigation, no evidence was uncovered that suggests employee or patient records were misused.
The investigators established that hackers acquired access to its system between May 14, 2021, and May 16, 2021, and accessed certain files, nevertheless did not obtain access to electronic medical records. The files breached included the following types of information. Name, contact details, medical background, treatment/diagnosis data, health details, health insurance data, Social Security number, date of birth, and driver’s license number. The types of details exposed varied from person to person.
Steps were taken to make certain the safety of its systems to avert further data breaches and NHS Management mentioned notification letters will be sent to impacted persons as soon as they were identified.
