Medical Eye Services Says PHI of 370,000 Patients Stolen in MOVEit Transfer Hack
Medical Eye Services, Inc. based in California recently reported the theft of the protected health information (PHI) of 346,828 persons. The PHI was stolen from the MOVEIt Transfer server employed by MESVision, a vision benefits management provider, from May 28, 2023 to May 31, 2023. The Clop cyber threat group exploited a zero-day vulnerability as part of a string of attacks on over 2,300 companies worldwide.
MESVision learned on August 23, 2023 that it was impacted by the hacking incident. It has rebuilt its MOVEit server and applied extra technical safety measures to stop more breaches. The stolen information contained names, birth dates, Social Security numbers, policy numbers, subscriber/member IDs, claim numbers, and group numbers. Impacted persons were provided free credit monitoring and identity theft protection services via Kroll.
Ransomware Attack on Prospect Medical Services Affects 109,728 Connecticut Residents
From July 31, 2023 to August 1, 2023, the Rhysida ransomware group accessed the system of Prospect Medical Holdings based in Los Angeles, CA. Prospect Medical discovered the breach on August 1, 2023, and reported it to the HHS Office for Civil Rights on September 29, 2023, indicating that 342,376 individuals were affected. The provider mailed individual notification letters on the same day.
Additional notification letters were sent to 109,728 Eastern Connecticut Health Network (ECHN) Medical Group patients on November 13, 2023. The impacted persons got healthcare services at Rockville General Hospital, Manchester Memorial Hospital, or Waterbury Hospital. According to Prospect Medical, the breached data included names, addresses, birth dates, diagnosis, laboratory data, prescription drugs, and other treatment data, and for several persons, driver’s license numbers and/or Social Security numbers. Those whose Social Security numbers or driver’s license numbers were compromised received 2 years of free credit monitoring and identity theft protection services.
Cyberattack on McAlester Regional Health Center Impacts 38,000 Individuals
McAlester Regional Health Center based in Oklahoma lately informed 37,731 patients regarding a security incident that was discovered on May 8, 2023. The health center took immediate action to secure its system and a third-party cybersecurity company investigated the incident to find out the nature and extent of the attack. It was confirmed that files made up of patient information were compromised. A third-party vendor checked the affected records and finished it on October 23, 2023. Notification letters were sent to the impacted persons on November 15, 2023. The breached data contained names, addresses, birth dates, driver’s license numbers, Social Security numbers, and other government ID data.
McAlester Regional Health Center has increased firewall limits, rewritten and toughened its password policy, applied password changes throughout this company for each account, and increased limitations on file sharing. Impacted persons were given free single-bureau credit monitoring services.
PeakMed Network Accessed Using Breached Credentials
Primary care provider PeakMed in Colorado has began informing 27,800 patients concerning a security breach that was discovered on August 30, 2023. As per the investigation of suspicious network activity, it was confirmed that an unauthorized person used an employee’s credentials to access its system from July 24, 2023 to August 30, 2023.
The documents that were viewed, and likely stolen, contained patient names together with one of these data elements: address, driver’s license number, Social Security number, date of birth, health record number, financial account details, payment card details, electronic signature, billing/claims data, name of medical provider, Medicare/Medicaid ID, medication data, treatment data, and medical insurance data. PeakMed stated it has reset all system passwords upon discovery of the breach, and implemented 2-factor authentication for all staff accounts.
Cyberattack on Catholic Charities of Long Island Impacts 13,000 Patients
Catholic Charities of the Diocese of Rockville Centre, dba Catholic Charities of Long Island-based in New York, informed 13,000 patients about the exposure and potential theft of some of their personal data by unauthorized persons. Network access was likely acquired through the Cisco AnyConnect VPN.
Strange network activity was seen on September 3, 2023, and network access was promptly disabled. A third-party cybersecurity company investigated the breach and confirmed that an unauthorized entity acquired access to files that included patient information, such as, names, addresses, birth dates, driver’s license numbers, Social Security numbers, passports, and health data.
The listing of impacted persons was completed on October 24, 2023. Catholic Charities mailed the notification letters on November 2, 2023 and took action to enhance security, which include adding threat hunting and endpoint detection and response tools.
Data Theft at Endocrine and Psychiatry Center
The Endocrine and Psychiatry Center based in Texas has lately mailed notifications to affected individuals telling them about an unauthorized person who extracted some of their PHI from its systems. The theft happened sometime before March 20, 2023, and included information generated before 2017. A thorough review of the impacted files was done. The healthcare provider confirmed on October 15, 2023 the potential compromise of the following data: complete name, driver’s license number, Social Security number, or other government ID number, birth date, financial account data, credit or debit card details, treatment/diagnosis details, and/or medical insurance data.
As per the notification letter sent to the Maine attorney General, there were 28,531 persons impacted. The Endocrine and Psychiatry Center has provided those persons a free Equifax Credit Watch Gold service membership.
Cyberattack on Bladen County, North Carolina
Bladen County based in North Carolina suffered a cyberattack wherein sensitive information was affected. County authorities stated the attack affected several server and web-based systems, and the occurrence is being looked into by the North Carolina Joint Cybersecurity Task Force, which has assisted in securing its servers. Chairman Rodney Hester of the Bladen County Board of Commissioners mentioned that Bladen County has emergency readiness plans to handle this type of incident and stated that all emergency solutions stayed functional throughout, though the region has been functioning in a restricted capacity since the cyberattack.
There is no disclosure of the nature of the cyberattack, including whether ransomware was used. In the case of using ransomware, no ransom will be paid because North Carolina forbids giving ransom payments. It is presently uncertain how many persons had their data stolen during the cyberattack.
